
Solved Windows 7 Checking for updates but doesn't update info included

Discussion in 'Malware and Virus Removal Archive' started by kiddk, 2011/02/24.

  1. 2011/02/24
    kiddk

    [Resolved] Windows 7 Checking for updates but doesn't update info included

    Malwarebytes log
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/24/2011 11:44:58 AM
    mbam-log-2011-02-24 (11-44-58).txt

    Scan type: Full scan (C:\|D:\|E:\|P:\|)
    Objects scanned: 508245
    Time elapsed: 2 hour(s), 14 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 16
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

    Files Infected:
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\MeSetupInfo.exe (Trojan.Downloader) -> No action taken.
    C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
    C:\Users\Kamal\AppData\Local\Temp\CSMA5F9.tmp (Adware.RelevantKnowledge) -> No action taken.

    GMER
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-24 14:05:12
    Windows 6.1.7600
    Running: 9sjzvlc6.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF7 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x6B 0xEE 0x7D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0xC8 0xD1 0x6C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0x1F 0x63 0x64 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF7 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0x6B 0xEE 0x7D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0xC8 0xD1 0x6C ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0x1F 0x63 0x64 ...

    ---- EOF - GMER 1.0.15 ----

    MBRCHECK
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G62 Notebook PC
    Logical Drives Mask: 0x000081fc

    Kernel Drivers (total 256):

    Processes (total 103):
    0 System Idle Process
    4 System
    468 C:\Windows\System32\smss.exe
    688 csrss.exe
    748 C:\Windows\System32\wininit.exe
    768 csrss.exe
    804 C:\Windows\System32\services.exe
    840 C:\Windows\System32\lsass.exe
    848 C:\Windows\System32\lsm.exe
    956 C:\Windows\System32\svchost.exe
    500 C:\Windows\System32\svchost.exe
    596 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    708 C:\Windows\System32\svchost.exe
    796 C:\Windows\System32\svchost.exe
    532 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\winlogon.exe
    1468 C:\Windows\System32\wlanext.exe
    1572 C:\Windows\System32\conhost.exe
    1676 C:\Windows\System32\spoolsv.exe
    1724 C:\Windows\System32\svchost.exe
    1848 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    1868 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    1908 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    1928 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2004 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1128 C:\Windows\System32\svchost.exe
    1280 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    756 C:\IDrive\IDriveE Service.exe
    1520 C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
    2056 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    2100 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2136 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2160 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2192 C:\Windows\SysWOW64\NLSSRV32.EXE
    2216 C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    2276 C:\Program Files\Macrium\Reflect\ReflectService.exe
    2432 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2460 C:\Windows\System32\svchost.exe
    2484 C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe
    2704 C:\Program Files (x86)\Winstep\WsxService.exe
    2724 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2748 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2776 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2428 C:\Windows\System32\svchost.exe
    2676 WUDFHost.exe
    3144 HP1006MC.EXE
    3252 C:\Windows\System32\taskhost.exe
    3304 C:\Windows\System32\taskeng.exe
    3376 C:\Windows\System32\dwm.exe
    3416 C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    3508 C:\Windows\explorer.exe
    3812 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3824 C:\Windows\System32\igfxtray.exe
    3844 C:\Windows\System32\hkcmd.exe
    3856 C:\Windows\System32\igfxpers.exe
    3868 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3876 C:\Program Files\Microsoft Security Essentials\msseces.exe
    3976 C:\Windows\System32\igfxsrvc.exe
    4012 C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    4060 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    3080 C:\Program Files\Windows Sidebar\sidebar.exe
    3384 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3232 C:\Program Files (x86)\DoubleSafety\DoubleSafety.exe
    4192 C:\Program Files (x86)\Start Menu 7\StartMenu7.exe
    4212 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    4436 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    4484 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    4492 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    4508 C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
    4516 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    4632 C:\Windows\System32\SearchIndexer.exe
    4644 C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
    4700 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    4808 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    4952 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5048 C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
    1552 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    4320 WmiPrvSE.exe
    4388 C:\Program Files (x86)\Start Menu 7\VistaHookApp.exe
    5316 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    5572 C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
    5872 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    5956 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    5504 C:\Windows\System32\svchost.exe
    5288 C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
    2644 dllhost.exe
    6592 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    6672 C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    6760 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    6432 C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
    4076 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5108 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3556 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    3400 C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    4912 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    6780 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    7448 C:\Windows\System32\SearchProtocolHost.exe
    7784 C:\Windows\System32\audiodg.exe
    7988 C:\Windows\System32\SearchFilterHost.exe
    8696 C:\Users\Kamal\Desktop\MBRCheck.exe
    8704 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`4ba00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000 (FAT32)
    \\.\P: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC72E

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 00F471E5C35C8D3A9591C421C0281B3436BC613F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  2. 2011/02/24
    kiddk

    DDS

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Kamal at 14:07:11.73 on Thu 02/24/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1945 [GMT -5:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\IDrive\IDriveE Service.exe
    C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe
    C:\Program Files (x86)\Winstep\WsxService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\DoubleSafety\DoubleSafety.exe
    C:\Program Files (x86)\Start Menu 7\StartMenu7.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Start Menu 7\VistaHookApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kamal\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Ript: {91d9091b-2046-42f7-903e-1215a29e21ea} - C:\Program Files (x86)\Ript\mscoree.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [DoubleSafety] "C:\Program Files (x86)\DoubleSafety\DoubleSafety.exe" /logon
    uRun: [Nexus]
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    uRun: [StartMenu7] "C:\Program Files (x86)\Start Menu 7\StartMenu7.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0 "
    mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter "
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe "
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0 "
    mRun: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe "
    mRun: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [ESDRWSTT] C:\Program Files (x86)\wGXe SOFTWARE\wGXe Data Recovery Professional\esdrwstt.exe
    mRun: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
    StartupFolder: C:\Users\Kamal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download with mediAvatar YouTube Video Converter - C:\Program Files (x86)\mediAvatar\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe "
    mASetup: Nitro PDF Professional - cscript //B "C:\Program Files (x86)\Nitro PDF\Professional\RemoveOldAddins.vbs "
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
    mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - component: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    ============= SERVICES / DRIVERS ===============

    R0 CLBStor;CLBStor;C:\Windows\System32\drivers\CLBStor.sys [2010-6-25 24560]
    R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2010-3-10 37456]
    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-6-21 1477728]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-5 98208]
    R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-6-21 2480048]
    R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;C:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2010-6-25 375280]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 IDriveE Service;IDriveE Service;C:\IDrive\IDriveE Service.exe [2011-1-1 148936]
    R2 IS360service;IS360service;C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe [2010-7-10 312152]
    R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-2-2 65856]
    R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2010-3-17 301024]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
    R2 SynchronizationService.exe;Comodo BackUp Service;C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe [2010-1-7 1143032]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-5 2320920]
    R2 Winstep Xtreme Service;Winstep Xtreme Service;C:\Program Files (x86)\Winstep\WsxService --> C:\Program Files (x86)\Winstep\WsxService [?]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-6-21 252512]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-15 227896]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-10-30 244736]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
    R3 PCWinSoft;ScreenCamera HR;C:\Windows\System32\drivers\scrcamhrdrv_x64.sys [2011-1-31 243216]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-19 347680]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-12 12872]
    S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-10-12 67656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-22 136176]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2009-9-4 36256]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-9-2 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-9-2 9096]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-19 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
    S3 Paragon System Backup Service;Paragon System Backup Service;C:\Program Files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-5-6 150096]
    S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-4-26 17920]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-5 225280]
    S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-10-12 12872]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2009-9-11 116224]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2009-9-11 18944]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2009-9-11 157696]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-14 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2011-02-23 23:41:24 -------- d-----w- C:\Windows\pss
    2011-02-22 16:41:51 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{3DF327C9-D088-43F3-962F-30B581BD9B74}\mpengine.dll
    2011-02-22 16:35:25 -------- d-----w- C:\Program Files (x86)\ThunderSoft
    2011-02-20 14:43:49 -------- d-----w- C:\Users\Kamal\AppData\Local\Deployment
    2011-02-19 21:52:36 -------- d-----w- C:\Program Files (x86)\ZW Photo Printer
    2011-02-18 22:06:50 -------- d-----w- C:\Windows\SysWow64\directx
    2011-02-18 22:05:32 -------- d-----w- C:\Program Files (x86)\Telltale Games
    2011-02-18 13:40:31 -------- d-----w- C:\PROGRA~3\Aiseesoft Total Media Converter
    2011-02-16 21:57:13 -------- d-----w- C:\Users\Kamal\AppData\Roaming\SuperEasy
    2011-02-16 21:56:47 -------- d-----w- C:\Program Files (x86)\SuperEasy Software
    2011-02-15 16:04:17 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    2011-02-14 21:39:33 -------- d-----w- C:\Users\Kamal\AppData\Roaming\FastStone
    2011-02-14 21:39:29 -------- d-----w- C:\Program Files (x86)\FastStone Capture
    2011-02-14 21:34:36 -------- d-----w- C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free
    2011-02-14 14:16:00 -------- d-----w- C:\PROGRA~3\Licenses
    2011-02-14 14:15:50 -------- d-----w- C:\PROGRA~3\CDRWIN 8
    2011-02-14 13:59:55 -------- d-----w- C:\Program Files (x86)\CDRWIN 8
    2011-02-13 16:31:34 -------- d-----w- C:\Users\Kamal\AppData\Local\Amazon
    2011-02-11 14:14:32 364544 ----a-w- C:\Windows\SysWow64\prScrCamFXControls.ocx
    2011-02-08 21:33:47 -------- d-----w- C:\Program Files (x86)\ReadWrite Arabic
    2011-02-08 21:31:18 -------- d-----w- C:\Program Files (x86)\Declan's Arabic FlashCards
    2011-02-07 13:52:11 -------- d-----w- C:\Users\Kamal\AppData\Roaming\Sound Editor Deluxe
    2011-02-07 13:51:24 417792 ----a-w- C:\Windows\SysWow64\NCTTextToAudio2.dll
    2011-02-07 13:51:23 880640 ----a-w- C:\Windows\SysWow64\NCTAudioEditor2.dll
    2011-02-07 13:51:23 602112 ----a-w- C:\Windows\SysWow64\NCTAudioTransform2.dll
    2011-02-07 13:51:23 479232 ----a-w- C:\Windows\SysWow64\NCTAudioVisualization2.dll
    2011-02-07 13:51:23 2084864 ----a-w- C:\Windows\SysWow64\NCTAudioDesign2.dll
    2011-02-07 13:51:21 -------- d-----w- C:\Program Files (x86)\Sound Editor Deluxe
    2011-02-05 15:01:16 -------- d-----w- C:\Users\Kamal\AppData\Roaming\Binary Fortress Software
    2011-02-05 15:01:04 -------- d-----w- C:\Program Files (x86)\iTunes Sync
    2011-02-03 13:51:48 -------- d-----w- C:\Program Files (x86)\Audio Recorder
    2011-02-01 13:59:21 -------- d-----w- C:\Program Files (x86)\Common Files\iSpring Solutions
    2011-02-01 13:59:20 -------- d-----w- C:\Program Files (x86)\iSpring
    2011-01-31 20:05:47 243216 ----a-w- C:\Windows\System32\drivers\scrcamhrdrv_x64.sys
    2011-01-30 19:57:00 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 19:57:00 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-01-27 13:50:32 -------- d-----w- C:\Program Files (x86)\DVDFab 8

    ==================== Find3M ====================

    2011-02-05 13:50:14 53248 ----a-w- C:\Windows\SysWow64\BSwitch.ax
    2011-01-21 17:30:06 311296 ----a-w- C:\Windows\SysWow64\EMRegSys.dll
    2011-01-17 15:49:26 18420224 ----a-w- C:\Pixo.msi
    2010-12-22 11:36:40 73728 ----a-w- C:\Windows\SysWow64\TOverlay.ax
    2010-12-20 16:21:14 1302528 ----a-w- C:\Windows\SysWow64\IDriveEService.dll
    2010-11-29 22:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

    ============= FINISH: 14:07:57.09 ===============
    ATTACH

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/10/2010 12:52:37 PM
    System Uptime: 2/24/2011 1:20:12 PM (1 hours ago)

    Motherboard: Hewlett-Packard | | 1425
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 453 GiB total, 220.341 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.079 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()
    I: is Removable
    P: is FIXED (NTFS) - 0 GiB total, 0.153 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    1AVCenter version 2.2.7.21
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    3D Ebook Cover 1.0
    3D Text 1.00
    3DVIA player 5.0
    7-Zip 4.65
    Absolute Audio Converter 4.1
    Acrobat.com
    Acronis True Image Home
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2 MUI
    Adobe Shockwave Player
    Advanced SystemCare 3
    Advertising Center
    Aimersoft Video Converter Std(Build 4.0.2.0)
    Aiseesoft Blu-ray Ripper
    Aiseesoft MP4 Converter Suite
    Aiseesoft Streaming Video Recorder
    Aiseesoft Total Media Converter 5.2.30
    Aiseesoft Total Video Converter
    All My Books 1.9 FULL for GOTD
    AllMedia Grabber
    AllMySongs Database
    Almeza MultiSet Professional 7.8.1
    Amazon Kindle For PC
    Amazon MP3 Downloader 1.0.10
    Aneesoft Flash Gallery Classic GOTD Edition
    Apple Application Support
    Apple Software Update
    Artensoft Photo Mosaic Wizard
    Ashampoo Burning Studio 2010 Advanced
    Ashampoo Home Designer1.0.0
    Ashampoo Photo Commander 7.40
    ASTRA32 - Advanced System Information Tool 2.08
    Astroburn Pro
    Atheros Driver Installation Program
    Atmosphere Lite Plus v6.0
    Audible Download Manager
    AudibleManager
    Audio Recorder 1.5
    Audio Speed Changer Pro 1.2
    AV MP3 Player-Morpher
    Avanquest update
    Back to the Future The Game - Episode 1
    BitComet 1.21
    Boxoft Screen OCR 1.2.1
    BurnAware Free 3.0.1
    BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )
    BurnPro Version 5.1.1
    Canon RAW Codec
    CardRecovery 5.30
    CCleaner
    CDRWIN 8
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cleanse Uninstaller Pro 6.5
    Codec Checker
    COMODO BackUp
    Compatibility Pack for the 2007 Office system
    CopyTrans Suite Remove Only
    CoverCreator 4.2
    CyberLink DVD Suite
    CyberLink InstantBurn
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerBackup
    CyberLink PowerDirector
    CyberLink PowerDVD 8
    CyberLink PowerDVD Copy
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    Daniusoft DVD Creator(Build 1.5.1.25)
    Declan's Arabic FlashCards v1.6
    Dell Driver Download Manager
    Digital Physiognomy (remove only)
    DoubleSafety
    Dr Paper 4
    Dragon NaturallySpeaking 10
    Driver Magician 3.5
    Dropbox
    DVD Flick 1.3.0.7
    DVDFab 8.0.7.2 (26/01/2011)
    EarthSoft Audio Jukebox 1.0.0
    EASEUS Partition Master 6.1.1 Professional
    Easy Photo Sorter version 2.6
    easyQuizzy 1.8
    EndNote X4
    Epson Print CD
    ESU for Microsoft Windows 7
    ExeIcon.com 3D Box Maker (remove only)
    eXPert PDF 6
    FastStone Capture 5.3
    FastStone Image Viewer 4.1
    FastStone Photo Resizer 2.8
    Film Factory
    Flash Video Capture 4.2.0 build 4557
    Focus CD Cover Maker 1.9
    FormatFactory
    FormatFactory 2.30
    Foxonic Professional 4.0 (build 0077)
    Freecorder 4.02 Application
    Freecorder Toolbar
    GameTap Web Player
    Google Earth
    Google Update Helper
    Handbrake 0.9.4
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Product Detection
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    iCare Data Recovery 4.1
    iCare Format Recovery Software1.2
    IDrive version 3.3.4 December 29, 2010
    ImageConverter Plus 8.0
    ImagXpress
    InfraRecorder
    Inpaint 2.4
    Inpaint 3.0
    Intel AppUp(SM) center
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Internet TV for Windows Media Center
    IObit Security 360
    iPhone Video Converter Factory Pro
    ISOBuddy
    iSpring Presenter 5
    iToolSoft PPT To Video V3.1.1.2
    iTunes Sync 1.5.1
    Java Auto Updater
    Java(TM) 6 Update 20
    JPG2PDF 2.2
    Junk Mail filter update
    LeapFrog Connect
    LeapFrog Leapster2 Plugin
    LightScribe Applications
    LightScribe System Software
    LightScribe Template Labeler
    Magic Collage
    Malwarebytes' Anti-Malware
    MAXA Security Tools 2.2
    MediaMonkey 3.2
    mediAvatar DVD Converter
    mediAvatar HD Video Converter
    mediAvatar YouTube Video Converter
    Mendeley Desktop 0.9.7.1
    Merge Version 2.1
    Mesh Runtime
    Microsoft Live Search Toolbar
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MKV Converter Studio V2.0.1
    MorphVOX Junior
    Mozilla Firefox (3.6.13)
    Mp3tag v2.46a
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Making
    MusicBrainz Picard
    muvee Reveal
    MX-700 Editor
    Nature Illusion Studio
    Ncesoft Flip Book Maker 2.3.1
    NEF Codec
    neroxml
    Nexus Ultimate 10.7
    Norton Online Backup
    Opanda IExif 2.3
    Opanda PowerExif 1.2 Professional Trial
    Orb
    Orb Runtime libraries
    Paragon Backup & Recovery™ 10 Home Special Edition
    Paragon Partition Manager™ 11 SE Personal
    Paragon System Backup 9.5
    PCHand Media Converter Pro 1.2.0.0
    PCHand Screen Capture 1.8.0.2
    PCHand Screen Recorder 1.8.5.4
    PDF OCR 4.0
    PDFZilla V1.2.9
    Photo Magician Converter 1.0.0.5
    PhotoFilter 1.0
    PicPick
    Picture Collage Maker Pro 2.2.8
    Pixo
    QLBCASL
    Quick Image Resizer 2.7.1
    QuickTime
    ReadWrite Arabic version 1.3
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.0
    Recovery Manager
    ResearchSoft Direct Export Helper
    Ript
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    SAMSUNG USB Driver for Mobile Phones V5.2.0.0
    SamsungSimpleDL
    Scanitto Pro
    ScreenCamera version 2.2.3.11
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SimplyGoodPictures
    Simpo Word to PDF 2.0.0.5
    SIW version 2010.03.11
    SmartWebPrinting
    SnagIt Screen Capture Plugin for Windows Live Writer
    SnowFox DVD Ripper 1.7.0.3
    SnowFox Total Video Converter 2.8.1.1
    Sound Editor Deluxe v6.0.1
    Start Menu 7 3.84
    SUPERAntiSpyware Free Edition
    TagScanner 5.1 build 594
    ThunderSoft Flash to Video Converter (1.1.5.1)
    Total Screen Recorder Gold 1.5
    Ultima Steganography 1.1
    UltraISO Premium V9.36
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    UseNeXT
    Virtual Audio Streaming 1.0
    Visual C++ 8.0 Runtime Setup Package (x64)
    Web Page Maker V3.21
    wGXe Data Recovery Professional
    Windows 7 USB/DVD Download Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    WinPcap 4.1.2
    WinRAR archiver
    WinUtilities 9.66 Pro
    WinX Cell Phone Video Converter 4.0
    WinX DVD Author 5.5.1
    WinX HD Video Converter Deluxe 3.7
    WinZip 12.1
    Wondershare DemoCreator (Build 3.0.6)
    Wondershare DVD Ripper Platinum(Build 4.4.2.0)
    Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
    Wondershare Flash Gallery Factory Standard 4.8.0.1
    Wondershare Photo Collage Studio 4.2.13.3
    Wondershare PPT2Video Pro 6.1.8
    Xilisoft DVD Ripper Ultimate
    Xilisoft HD Video Converter 6
    xVideoServiceThief
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Advisor
    Yahoo! Software Update
    Yahoo! Toolbar
    Your monster voice 1
    Youtube Music Downloader V3.2
    Zortam Mp3 Media Studio 11.10
    ZW Photo Printer 2.0

    ==== Event Viewer Messages From Past Week ========

    2/24/2011 9:24:21 AM, Error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the file specified.
    2/24/2011 11:57:18 AM, Error: Service Control Manager [7034] - The Acronis Nonstop Backup service service terminated unexpectedly. It has done this 1 time(s).
    2/24/2011 1:36:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/24/2011 1:36:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/24/2011 1:34:55 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
    2/24/2011 1:34:55 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/24/2011 1:34:52 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
    2/24/2011 1:34:52 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/24/2011 1:20:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    2/24/2011 1:20:32 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
    2/23/2011 9:04:44 AM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{a4f2e953-3dc4-11e0-b850-00269ef85b05} cannot be read.
    2/23/2011 9:00:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    2/23/2011 5:45:32 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    2/23/2011 5:45:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Paragon System Backup Service service.
    2/23/2011 5:14:06 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    2/23/2011 4:57:50 PM, Error: Virtual Disk Service [9] - Unexpected provider failure. Restarting the service may fix the problem. Error code: 80004005@02000014
    2/23/2011 4:50:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
    2/23/2011 4:46:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/23/2011 4:36:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    2/22/2011 11:41:33 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.1877.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/21/2011 11:00:25 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.1877.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/20/2011 9:39:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.1877.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/20/2011 9:13:53 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
    2/20/2011 7:06:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    2/20/2011 6:10:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C56154F1-0F3F-4AF1-AC8C-D3E6BA4081CB}. The master browser is stopping or an election is being forced.
    2/19/2011 9:17:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.1877.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/17/2011 8:00:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.1877.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80248007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    ==== End Of File ===========================
     


  4. 2011/02/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Your Malwarebytes log says "No action taken" after each line.
    Rerun it, FIX all issues and post new log.

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
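
The check broni describes above (every itemised line of the posted Malwarebytes log ends in "No action taken") can be scripted when triaging pasted logs. This is an added example, not part of either poster's message and not a Malwarebytes tool; the sample log is constructed in the layout of the log quoted in this thread, with placeholder GUIDs and paths, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 1.46 log quoted in this
# thread: a count summary, then one section per object type. The GUIDs and the
# paths are placeholders, not values from the poster's machine. The last
# section is deliberately short by one entry to mimic a truncated paste.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000001} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000002} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000003} (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Placeholder (Adware.MyWebSearch) -> No action taken.

Files Infected:
C:\Program Files (x86)\Example\placeholder.dll (Adware.MyWebSearch) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 4"
HEADER_RE = re.compile(r"^(.+ Infected):$")          # "Files Infected:"
# Item, then the detection name in the last parenthesised group. Paths such as
# "Program Files (x86)" contain parentheses too, so the group must be followed
# by end of text (or a further " -> " field) to count as the detection name.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\)(?: -> .*)?$")


def parse_mbam_log(text):
    """Return (declared_counts, entries) parsed from a pasted log."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        # The action is whatever follows the last " -> " on the line.
        head, sep, action = line.rpartition(" -> ")
        m = ENTRY_RE.match(head) if sep else None
        if m:
            entries.append({
                "section": section,
                "item": m.group("item"),
                "detection": m.group("detection"),
                "action": action.rstrip(".").strip(),
            })
    return declared, entries


def triage(text):
    """Summarise what the log says was NOT remediated, and whether it is complete."""
    declared, entries = parse_mbam_log(text)
    pending = [e for e in entries if e["action"].lower() == "no action taken"]
    listed = Counter(e["section"] for e in entries)
    # A declared count that differs from the itemised count means the paste
    # was cut off or edited, so the log cannot be trusted as a full record.
    mismatch = {s: (n, listed.get(s, 0))
                for s, n in declared.items() if n != listed.get(s, 0)}
    return {
        "pending": pending,
        "by_detection": dict(Counter(e["detection"] for e in pending)),
        "count_mismatch": mismatch,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["pending"]:
        print(f'{e["section"]}: {e["detection"]}: {e["item"]}')
    print("Unremediated by detection:", report["by_detection"])
    print("Declared vs itemised mismatches:", report["count_mismatch"])
```

A non-empty `pending` list is the condition that calls for a rerun and a fresh log; a non-empty `count_mismatch` means the paste itself is incomplete.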
     
  5. 2011/02/24
    kiddk

    kiddk Inactive Thread Starter

    Joined:
    2003/05/29
    Messages:
    219
    Likes Received:
    0
    Malwarebytes asked me to "remove selected" when I was finished and I did; don't know why it says no action taken. Maybe I saved the log beforehand? I will go ahead and do what you suggested above and post.
     
  6. 2011/02/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok...
     
  7. 2011/02/25
    kiddk

    kiddk Inactive Thread Starter

    Joined:
    2003/05/29
    Messages:
    219
    Likes Received:
    0
    Combo fix log

    ComboFix 11-02-24.05 - Kamal 02/25/2011 14:31:44.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2048 [GMT -5:00]
    Running from: c:\users\Kamal\Desktop\ComboFix.exe
    SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
    c:\users\Kamal\AppData\Roaming\EurekaLog

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
    .

    2011-02-25 19:23 . 2011-02-25 19:23 -------- d-----w- c:\users\Kamal\AppData\Roaming\HPAppData
    2011-02-22 16:35 . 2011-02-22 16:35 -------- d-----w- c:\program files (x86)\ThunderSoft
    2011-02-20 14:43 . 2011-02-20 14:46 -------- d-----w- c:\users\Kamal\AppData\Local\Deployment
    2011-02-19 21:52 . 2011-02-19 21:52 -------- d-----w- c:\program files (x86)\ZW Photo Printer
    2011-02-18 22:05 . 2011-02-18 22:05 -------- d-----w- c:\program files (x86)\Telltale Games
    2011-02-18 13:40 . 2011-02-18 13:40 -------- d-----w- c:\programdata\Aiseesoft Total Media Converter
    2011-02-16 21:57 . 2011-02-16 21:57 -------- d-----w- c:\users\Kamal\AppData\Roaming\SuperEasy
    2011-02-16 21:56 . 2011-02-16 21:56 -------- d-----w- c:\program files (x86)\SuperEasy Software
    2011-02-15 16:04 . 2011-02-15 16:04 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    2011-02-14 21:39 . 2011-02-14 21:39 -------- d-----w- c:\users\Kamal\AppData\Roaming\FastStone
    2011-02-14 21:39 . 2011-02-14 21:39 -------- d-----w- c:\program files (x86)\FastStone Capture
    2011-02-14 21:34 . 2011-02-20 15:28 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Free
    2011-02-14 14:16 . 2011-02-14 14:16 -------- d-----w- c:\programdata\Licenses
    2011-02-14 14:15 . 2011-02-14 14:16 -------- d-----w- c:\programdata\CDRWIN 8
    2011-02-14 13:59 . 2011-02-14 14:15 -------- d-----w- c:\program files (x86)\CDRWIN 8
    2011-02-13 16:31 . 2011-02-13 16:31 -------- d-----w- c:\users\Kamal\AppData\Local\Amazon
    2011-02-11 14:14 . 2011-02-03 20:34 364544 ----a-w- c:\windows\SysWow64\prScrCamFXControls.ocx
    2011-02-08 21:33 . 2011-02-08 21:33 -------- d-----w- c:\program files (x86)\ReadWrite Arabic
    2011-02-08 21:31 . 2011-02-08 21:31 -------- d-----w- c:\program files (x86)\Declan's Arabic FlashCards
    2011-02-07 13:52 . 2011-02-07 13:54 -------- d-----w- c:\users\Kamal\AppData\Roaming\Sound Editor Deluxe
    2011-02-07 13:51 . 2005-03-28 20:52 417792 ----a-w- c:\windows\SysWow64\NCTTextToAudio2.dll
    2011-02-07 13:51 . 2005-04-15 17:08 880640 ----a-w- c:\windows\SysWow64\NCTAudioEditor2.dll
    2011-02-07 13:51 . 2005-04-04 22:21 602112 ----a-w- c:\windows\SysWow64\NCTAudioTransform2.dll
    2011-02-07 13:51 . 2005-03-29 12:57 2084864 ----a-w- c:\windows\SysWow64\NCTAudioDesign2.dll
    2011-02-07 13:51 . 2005-03-28 20:54 479232 ----a-w- c:\windows\SysWow64\NCTAudioVisualization2.dll
    2011-02-07 13:51 . 2011-02-07 13:51 -------- d-----w- c:\program files (x86)\Sound Editor Deluxe
    2011-02-05 15:01 . 2011-02-05 15:01 -------- d-----w- c:\users\Kamal\AppData\Roaming\Binary Fortress Software
    2011-02-05 15:01 . 2011-02-05 15:01 -------- d-----w- c:\program files (x86)\iTunes Sync
    2011-02-03 13:51 . 2011-02-03 13:52 -------- d-----w- c:\program files (x86)\Audio Recorder
    2011-02-01 13:59 . 2011-02-01 13:59 -------- d-----w- c:\program files (x86)\Common Files\iSpring Solutions
    2011-02-01 13:59 . 2011-02-01 13:59 -------- d-----w- c:\program files (x86)\iSpring
    2011-01-31 20:05 . 2010-11-15 12:15 243216 ----a-w- c:\windows\system32\drivers\scrcamhrdrv_x64.sys
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-01-27 13:50 . 2011-01-27 13:50 -------- d-----w- c:\program files (x86)\DVDFab 8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-05 13:50 . 2010-06-05 12:42 53248 ----a-w- c:\windows\SysWow64\BSwitch.ax
    2011-01-21 17:30 . 2011-01-21 17:30 311296 ----a-w- c:\windows\SysWow64\EMRegSys.dll
    2011-01-17 15:49 . 2011-01-18 13:59 18420224 ----a-w- C:\Pixo.msi
    2010-12-22 11:36 . 2010-04-13 13:08 73728 ----a-w- c:\windows\SysWow64\TOverlay.ax
    2010-12-20 16:21 . 2011-01-01 21:26 1302528 ----a-w- c:\windows\SysWow64\IDriveEService.dll
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612} "= "c:\program files (x86)\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\Freecorder\tbFre2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612} "= "c:\program files (x86)\Freecorder\tbFre2.dll" [2010-10-18 3908192]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Kamal\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Kamal\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Kamal\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-24 2423752]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "msnmsgr "= "c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "LightScribe Control Panel "= "c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
    "DoubleSafety "= "c:\program files (x86)\DoubleSafety\DoubleSafety.exe" [2010-04-21 3238912]
    "ISUSPM Startup "= "c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "StartMenu7 "= "c:\program files (x86)\Start Menu 7\StartMenu7.exe" [2010-10-18 2754448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update "= "c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "GrooveMonitor "= "c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "UpdatePPShortCut "= "c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "UpdatePDRShortCut "= "c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
    "RemoteControl8 "= "c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
    "QlbCtrl.exe "= "c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
    "P2Go_Menu "= "c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
    "InstantBurn "= "c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-10-26 681256]
    "CLMLServer "= "c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
    "WirelessAssistant "= "c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
    "TkBellExe "= "c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-08-14 202256]
    "ESDRWSTT "= "c:\program files (x86)\wGXe SOFTWARE\wGXe Data Recovery Professional\esdrwstt.exe" [2009-12-16 217088]
    "IObit Security 360 "= "c:\program files (x86)\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

    c:\users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-04-01 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-06-22 67656]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 136176]
    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-19 315392]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2009-09-04 36256]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]
    R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe [2010-05-06 150096]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
    R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-04-01 12872]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2009-09-11 116224]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2009-09-11 18944]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2009-09-11 157696]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\SysWOW64\drivers\bdisk.sys [2010-01-07 74328]
    S0 CBUfs;CBUfs;c:\windows\sysWOW64\DRIVERS\CBUFS.sys [2010-01-07 140760]
    S0 CLBStor;CLBStor;c:\windows\system32\DRIVERS\CLBStor.sys [2007-10-26 24560]
    S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-09-03 37456]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-17 828912]
    S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-06-21 1477728]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-21 2480048]
    S2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;c:\program files (x86)\ASTRA32\ASTRA64.sys [2007-02-22 21200]
    S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    S2 IDriveE Service;IDriveE Service;c:\idrive\IDriveE Service.exe [2010-12-21 148936]
    S2 IS360service;IS360service;c:\program files (x86)\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-02-02 65856]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-03-17 301024]
    S2 SynchronizationService.exe;Comodo BackUp Service;c:\program files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe [2010-01-07 1143032]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-06-21 252512]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
    S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
    S3 PCWinSoft;ScreenCamera HR;c:\windows\system32\DRIVERS\scrcamhrdrv_x64.sys [2010-11-15 243216]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 347680]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-25 c:\windows\Tasks\AWC Startup.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-05-16 18:54]

    2011-02-25 c:\windows\Tasks\AWC Update.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-05-16 17:38]

    2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 23:20]

    2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-22 23:20]

    2011-02-23 c:\windows\Tasks\HPCeeScheduleForKamal.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Kamal\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Kamal\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Kamal\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 390680]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 410136]
    "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-07-07 995840]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-10-19 6245408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download with mediAvatar YouTube Video Converter - c:\program files (x86)\mediAvatar\YouTube Video Converter\upod_link.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
    IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
    DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
    FF - ProfilePath - c:\users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    .
    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKCU-Run-Nexus - (no file)
    Wow6432Node-HKLM-Run-vspdfprsrv.exe - c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
    HKLM_Wow6432Node-ActiveSetup-Nitro PDF Professional - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
    AddRemove-YInstHelper - c:\windows\system32\regsvr32
    AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
    AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe
    AddRemove-{F8A9085D-4C7A-41a9-8A77-C8998A96C421} - c:\program files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
    "ImagePath"="c:\program files (x86)\Winstep\WsxService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,a8,2e,69,82,57,6e,43,a3,c2,b2,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,a8,2e,69,82,57,6e,43,a3,c2,b2,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Winstep\WsxService.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-25 14:50:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-25 19:50

    Pre-Run: 236,359,413,760 bytes free
    Post-Run: 236,386,668,544 bytes free

    - - End Of File - - 531DD62858A542796486A277BE1809D4
     
  8. 2011/02/25
    kiddk Inactive Thread Starter

    Also, for some reason Microsoft Security Essentials will not let me update. There is no connectivity issue as far as I know; Malwarebytes updates fine, as does SUPERAntiSpyware, and I am able to get online.

    http://i116.photobucket.com/albums/o3/kiddk1/MSE.jpg
     
  9. 2011/02/25
    broni Moderator Malware Analyst

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2011/02/25
    kiddk Inactive Thread Starter

    2011/02/25 19:20:56.0216 9220 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
    2011/02/25 19:20:56.0366 9220 ================================================================================
    2011/02/25 19:20:56.0366 9220 SystemInfo:
    2011/02/25 19:20:56.0366 9220
    2011/02/25 19:20:56.0366 9220 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/25 19:20:56.0366 9220 Product type: Workstation
    2011/02/25 19:20:56.0366 9220 ComputerName: KAMAL-PC
    2011/02/25 19:20:56.0366 9220 UserName: Kamal
    2011/02/25 19:20:56.0366 9220 Windows directory: C:\Windows
    2011/02/25 19:20:56.0366 9220 System windows directory: C:\Windows
    2011/02/25 19:20:56.0366 9220 Running under WOW64
    2011/02/25 19:20:56.0366 9220 Processor architecture: Intel x64
    2011/02/25 19:20:56.0366 9220 Number of processors: 4
    2011/02/25 19:20:56.0366 9220 Page size: 0x1000
    2011/02/25 19:20:56.0366 9220 Boot type: Normal boot
    2011/02/25 19:20:56.0366 9220 ================================================================================
    2011/02/25 19:21:00.0346 9220 Initialize success
    2011/02/25 19:21:04.0416 9764 ================================================================================
    2011/02/25 19:21:04.0416 9764 Scan started
    2011/02/25 19:21:04.0416 9764 Mode: Manual;
    2011/02/25 19:21:04.0416 9764 ================================================================================
    2011/02/25 19:21:04.0666 9764 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/02/25 19:21:04.0716 9764 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/02/25 19:21:04.0756 9764 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/02/25 19:21:04.0826 9764 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/25 19:21:04.0936 9764 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/25 19:21:04.0976 9764 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/25 19:21:05.0076 9764 afcdp (d9a76e6e541e2e61c78140b65db63e6a) C:\Windows\system32\DRIVERS\afcdp.sys
    2011/02/25 19:21:05.0146 9764 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/02/25 19:21:05.0246 9764 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
    2011/02/25 19:21:05.0276 9764 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/02/25 19:21:05.0316 9764 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/02/25 19:21:05.0396 9764 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/02/25 19:21:05.0436 9764 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/25 19:21:05.0466 9764 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/25 19:21:05.0486 9764 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/02/25 19:21:05.0536 9764 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/25 19:21:05.0556 9764 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/02/25 19:21:05.0646 9764 androidusb (27466e519371c6fc3a39b1f7b8a297fc) C:\Windows\system32\Drivers\ssadadb.sys
    2011/02/25 19:21:05.0696 9764 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/02/25 19:21:05.0846 9764 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/25 19:21:05.0886 9764 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/25 19:21:05.0956 9764 ASTRA64 (748b2514db1438fe16a2ddb56bfcf011) C:\Program Files (x86)\ASTRA32\ASTRA64.sys
    2011/02/25 19:21:06.0046 9764 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/25 19:21:06.0086 9764 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/02/25 19:21:06.0146 9764 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
    2011/02/25 19:21:06.0276 9764 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/02/25 19:21:06.0326 9764 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/02/25 19:21:06.0386 9764 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/02/25 19:21:06.0496 9764 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/25 19:21:06.0536 9764 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/25 19:21:06.0566 9764 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/25 19:21:06.0586 9764 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/25 19:21:06.0626 9764 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/25 19:21:06.0696 9764 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/25 19:21:06.0726 9764 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/25 19:21:06.0766 9764 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/25 19:21:06.0816 9764 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/25 19:21:06.0946 9764 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/25 19:21:07.0036 9764 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/02/25 19:21:07.0086 9764 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/25 19:21:07.0126 9764 CLBStor (dc923c278d82f299f45cc4c5bbe7afb8) C:\Windows\system32\DRIVERS\CLBStor.sys
    2011/02/25 19:21:07.0196 9764 CLBUDF (0fca6da0b344facdc77c9b75e4710c67) C:\Windows\system32\drivers\CLBUDF.sys
    2011/02/25 19:21:07.0236 9764 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/02/25 19:21:07.0316 9764 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/25 19:21:07.0336 9764 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/02/25 19:21:07.0386 9764 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/02/25 19:21:07.0506 9764 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/25 19:21:07.0546 9764 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/02/25 19:21:07.0576 9764 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/25 19:21:07.0626 9764 dc3d (db0459afd124ce5ccb649e33f95d715f) C:\Windows\system32\DRIVERS\dc3d.sys
    2011/02/25 19:21:07.0686 9764 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/25 19:21:07.0756 9764 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/02/25 19:21:07.0806 9764 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/25 19:21:07.0856 9764 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/25 19:21:07.0896 9764 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/25 19:21:08.0076 9764 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/02/25 19:21:08.0206 9764 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/25 19:21:08.0236 9764 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
    2011/02/25 19:21:08.0286 9764 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/02/25 19:21:08.0366 9764 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
    2011/02/25 19:21:08.0426 9764 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/02/25 19:21:08.0446 9764 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/02/25 19:21:08.0496 9764 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/25 19:21:08.0516 9764 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/25 19:21:08.0536 9764 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/02/25 19:21:08.0566 9764 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/02/25 19:21:08.0686 9764 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/02/25 19:21:08.0746 9764 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/02/25 19:21:08.0786 9764 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    2011/02/25 19:21:08.0836 9764 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/02/25 19:21:08.0896 9764 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/02/25 19:21:08.0986 9764 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/02/25 19:21:09.0066 9764 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/02/25 19:21:09.0186 9764 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/02/25 19:21:09.0276 9764 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2011/02/25 19:21:09.0306 9764 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/02/25 19:21:09.0336 9764 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    2011/02/25 19:21:09.0366 9764 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/02/25 19:21:09.0386 9764 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/02/25 19:21:09.0436 9764 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/02/25 19:21:09.0516 9764 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/02/25 19:21:09.0576 9764 hotcore3 (8df34474b0789edf5007db8cbcbf9c18) C:\Windows\system32\DRIVERS\hotcore3.sys
    2011/02/25 19:21:09.0646 9764 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    2011/02/25 19:21:09.0676 9764 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/02/25 19:21:09.0776 9764 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/02/25 19:21:09.0806 9764 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/02/25 19:21:09.0846 9764 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/02/25 19:21:09.0946 9764 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/02/25 19:21:09.0986 9764 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/02/25 19:21:10.0196 9764 igfx (8e509de232cfa4f8a5b34f01802f500e) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/02/25 19:21:10.0396 9764 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/02/25 19:21:10.0486 9764 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/02/25 19:21:10.0606 9764 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
    2011/02/25 19:21:10.0646 9764 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/02/25 19:21:10.0686 9764 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/02/25 19:21:17.0006 9764 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
    2011/02/25 19:21:17.0006 9764 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
    2011/02/25 19:21:17.0016 9764 sptd - detected Locked file (1)
    2011/02/25 19:21:21.0056 9764 ================================================================================
    2011/02/25 19:21:21.0056 9764 Scan finished
    2011/02/25 19:21:21.0056 9764 ================================================================================
    2011/02/25 19:21:21.0066 7844 Detected object count: 1
    2011/02/25 19:21:38.0806 7844 Locked file(sptd) - User select action: Skip
     
  11. 2011/02/25
    broni Moderator Malware Analyst

    I don't see much so far....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2011/02/26
    kiddk Inactive Thread Starter

    OTL logfile created on: 2/26/2011 9:01:52 AM - Run 1
    OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Kamal\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.99 Gb Total Space | 220.09 Gb Free Space | 48.59% Space Free | Partition Type: NTFS
    Drive D: | 12.48 Gb Total Space | 2.08 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 95.37 Mb Free Space | 96.31% Space Free | Partition Type: FAT32
    Drive P: | 199.00 Mb Total Space | 156.86 Mb Free Space | 78.83% Space Free | Partition Type: NTFS

    Computer Name: KAMAL-PC | User Name: Kamal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/26 09:00:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kamal\Desktop\OTL.exe
    PRC - [2011/02/24 13:34:50 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/12/21 18:42:50 | 000,148,936 | ---- | M] (Pro Softnet Corporation) -- C:\IDrive\IDriveE Service.exe
    PRC - [2010/10/18 17:20:50 | 002,754,448 | ---- | M] (OrdinarySoft) -- C:\Program Files (x86)\Start Menu 7\StartMenu7.exe
    PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/08/20 13:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
    PRC - [2010/08/14 09:16:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/06/21 08:14:59 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/06/11 17:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
    PRC - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
    PRC - [2010/04/21 02:26:04 | 003,238,912 | ---- | M] (Power Labs) -- C:\Program Files (x86)\DoubleSafety\DoubleSafety.exe
    PRC - [2010/04/02 18:48:40 | 000,754,288 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
    PRC - [2010/04/02 18:48:18 | 000,198,144 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
    PRC - [2010/03/29 13:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2010/02/02 11:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
    PRC - [2009/11/10 08:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/05/12 01:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/07/18 18:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    PRC - [2008/03/20 19:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2007/10/26 09:55:34 | 000,681,256 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/26 09:00:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kamal\Desktop\OTL.exe
    MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/19 17:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2010/03/17 09:02:44 | 000,301,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
    SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/12/21 18:42:50 | 000,148,936 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\IDrive\IDriveE Service.exe -- (IDriveE Service)
    SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/06/21 08:14:59 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/05/06 14:05:54 | 000,150,096 | ---- | M] (Paragon Software Group) [On_Demand | Stopped] -- C:\Program Files (x86)\Paragon Software\System Backup 9.5\program\dbhservice.exe -- (Paragon System Backup Service)
    SRV - [2010/03/27 15:09:22 | 001,054,568 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/02 11:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2010/01/07 18:44:02 | 001,143,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe -- (SynchronizationService.exe)
    SRV - [2009/11/10 08:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/12 01:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/03 11:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe -- (NMSAccessU)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/15 07:15:06 | 000,243,216 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys -- (PCWinSoft)
    DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/10/19 09:49:56 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/10/19 09:48:35 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/03 12:26:24 | 000,050,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
    DRV:64bit: - [2010/09/03 12:26:22 | 000,566,864 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
    DRV:64bit: - [2010/09/03 12:26:22 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
    DRV:64bit: - [2010/07/15 07:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2010/07/15 07:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/06/21 08:15:01 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2010/06/21 08:14:56 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
    DRV:64bit: - [2010/06/21 08:14:52 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2010/06/21 08:14:42 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2010/06/17 07:42:01 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/03/16 20:59:03 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/01/14 02:02:54 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2010/01/14 02:02:54 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV:64bit: - [2010/01/14 02:02:54 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2009/12/01 14:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV:64bit: - [2009/10/30 09:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/11 09:40:06 | 000,157,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2009/09/11 09:40:06 | 000,116,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2009/09/11 09:40:06 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2009/09/04 10:12:50 | 000,036,256 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2009/07/24 07:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2007/10/26 09:39:06 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
    DRV:64bit: - [2007/03/07 12:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
    DRV - [2010/07/15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2010/07/15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/06/22 08:55:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/01 08:12:01 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/04/01 08:12:01 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/29 10:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
    DRV - [2010/01/07 18:42:20 | 000,074,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\bdisk.sys -- (bdisk)
    DRV - [2010/01/07 18:41:34 | 000,140,760 | ---- | M] (COMODO Security Solutions Inc.) [File_System | Boot | Running] -- C:\Windows\sysWOW64\DRIVERS\CBUFS.sys -- (CBUfs)
    DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2007/02/22 11:28:46 | 000,021,200 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASTRA32\astra64.sys -- (ASTRA64)
    DRV - [2005/01/07 16:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.0.20100901020224


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 13:06:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/14 09:17:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/08 12:22:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/09 17:14:12 | 000,000,000 | ---D | M]

    [2010/04/02 07:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kamal\AppData\Roaming\Mozilla\Extensions
    [2011/02/20 09:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\extensions
    [2010/09/17 08:15:42 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/09/19 08:23:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\5oc8nszz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/02/20 09:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/09 10:18:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/14 09:17:37 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (Ript) - {91D9091B-2046-42f7-903E-1215A29E21EA} - C:\Program Files (x86)\Ript\mscoree.dll (Microsoft Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFre2.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [ESDRWSTT] C:\Program Files (x86)\wGXe SOFTWARE\wGXe Data Recovery Professional\esdrwstt.exe ()
    O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
    O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
    O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000..\Run: [DoubleSafety] C:\Program Files (x86)\DoubleSafety\DoubleSafety.exe (Power Labs)
    O4 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000..\Run: [StartMenu7] C:\Program Files (x86)\Start Menu 7\StartMenu7.exe (OrdinarySoft)
    O4 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1010354556-1421586041-659686246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download with mediAvatar YouTube Video Converter - C:\Program Files (x86)\mediAvatar\YouTube Video Converter\upod_link.HTM ()
    O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
    O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
    O8 - Extra context menu item: Download with mediAvatar YouTube Video Converter - C:\Program Files (x86)\mediAvatar\YouTube Video Converter\upod_link.HTM ()
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab (GameTap Player)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  13. 2011/02/26
    kiddk

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
    Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/26 08:59:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kamal\Desktop\OTL.exe
    [2011/02/26 08:53:21 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\HPAppData
    [2011/02/25 15:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2011/02/25 15:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/02/25 15:54:48 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
    [2011/02/25 14:43:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/25 14:28:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/25 14:28:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/25 14:28:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/25 14:28:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/25 14:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/25 14:27:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/23 18:41:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/02/22 11:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
    [2011/02/22 11:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThunderSoft
    [2011/02/21 11:09:14 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kamal\Desktop\TDSSKiller.exe
    [2011/02/20 09:44:08 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
    [2011/02/20 09:43:49 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Local\Deployment
    [2011/02/19 16:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZW Photo Printer
    [2011/02/19 16:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZW Photo Printer
    [2011/02/18 17:06:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2011/02/18 17:06:40 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\Telltale Games
    [2011/02/18 17:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games
    [2011/02/18 09:11:21 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\Quran Transliteration
    [2011/02/18 08:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Aiseesoft Total Media Converter
    [2011/02/16 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\SuperEasy
    [2011/02/16 16:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
    [2011/02/16 16:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperEasy Software
    [2011/02/15 11:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    [2011/02/14 16:39:33 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\FastStone
    [2011/02/14 16:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
    [2011/02/14 16:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Capture
    [2011/02/14 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free
    [2011/02/14 09:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
    [2011/02/14 09:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CDRWIN 8
    [2011/02/14 08:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDRWIN 8
    [2011/02/14 08:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDRWIN 8
    [2011/02/13 11:31:34 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Local\Amazon
    [2011/02/13 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\My Kindle Content
    [2011/02/13 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    [2011/02/13 11:29:54 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Desktop\video converter
    [2011/02/11 09:14:32 | 000,364,544 | ---- | C] (Axis) -- C:\Windows\SysWow64\prScrCamFXControls.ocx
    [2011/02/11 09:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenCamera
    [2011/02/09 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\Muslim Chaplain
    [2011/02/08 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReadWrite Arabic
    [2011/02/08 16:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReadWrite Arabic
    [2011/02/08 16:32:29 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\Declan Software
    [2011/02/08 16:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Declan's Arabic FlashCards
    [2011/02/08 16:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Declan's Arabic FlashCards
    [2011/02/07 08:52:11 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\Sound Editor Deluxe
    [2011/02/07 08:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sound Editor Deluxe
    [2011/02/07 08:51:24 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
    [2011/02/07 08:51:23 | 002,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioDesign2.dll
    [2011/02/07 08:51:23 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
    [2011/02/07 08:51:23 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
    [2011/02/07 08:51:23 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
    [2011/02/07 08:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sound Editor Deluxe
    [2011/02/05 10:01:16 | 000,000,000 | ---D | C] -- C:\Users\Kamal\AppData\Roaming\Binary Fortress Software
    [2011/02/05 10:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes Sync
    [2011/02/05 10:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes Sync
    [2011/02/04 09:04:56 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Desktop\Quaran
    [2011/02/03 08:52:38 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\My Recordings
    [2011/02/03 08:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Recorder
    [2011/02/03 08:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audio Recorder
    [2011/02/01 08:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Presenter
    [2011/02/01 08:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iSpring Solutions
    [2011/02/01 08:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSpring
    [2011/01/31 15:05:47 | 000,243,216 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\SysNative\drivers\scrcamhrdrv_x64.sys
    [2011/01/31 14:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
    [2011/01/30 09:02:08 | 000,000,000 | ---D | C] -- C:\Users\Kamal\Documents\SnowFox Total Video Converter

    ========== Files - Modified Within 30 Days ==========

    [2011/02/26 09:00:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kamal\Desktop\OTL.exe
    [2011/02/26 08:56:16 | 000,733,756 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/02/26 08:56:16 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/02/26 08:56:16 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/02/26 08:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/26 08:53:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/02/25 19:20:22 | 001,257,772 | ---- | M] () -- C:\Users\Kamal\Desktop\tdsskiller.zip
    [2011/02/25 18:15:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/25 18:15:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/25 18:08:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/02/25 18:08:06 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2011/02/25 18:07:43 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/25 15:55:10 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/02/25 15:54:55 | 000,747,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/25 14:27:50 | 004,274,659 | R--- | M] () -- C:\Users\Kamal\Desktop\ComboFix.exe
    [2011/02/25 09:01:04 | 000,001,205 | ---- | M] () -- C:\Users\Kamal\Desktop\ExifCleaner.lnk
    [2011/02/24 15:38:19 | 634,142,970 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/02/24 14:07:10 | 000,624,128 | ---- | M] () -- C:\Users\Kamal\Desktop\dds.scr
    [2011/02/24 14:05:44 | 000,080,384 | ---- | M] () -- C:\Users\Kamal\Desktop\MBRCheck.exe
    [2011/02/24 13:37:30 | 000,296,448 | ---- | M] () -- C:\Users\Kamal\Desktop\9sjzvlc6.exe
    [2011/02/23 18:42:37 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKamal.job
    [2011/02/23 10:46:37 | 000,002,120 | ---- | M] () -- C:\Windows\citation.ini
    [2011/02/23 09:00:08 | 000,001,854 | ---- | M] () -- C:\Users\Kamal\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/22 11:35:28 | 000,001,286 | ---- | M] () -- C:\Users\Kamal\Desktop\ThunderSoft Flash to Video Converter.lnk
    [2011/02/21 11:09:14 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kamal\Desktop\TDSSKiller.exe
    [2011/02/18 08:40:36 | 000,002,442 | ---- | M] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft Total Media Converter.lnk
    [2011/02/18 08:40:36 | 000,002,418 | ---- | M] () -- C:\Users\Public\Desktop\Aiseesoft Total Media Converter.lnk
    [2011/02/16 16:56:48 | 000,001,217 | ---- | M] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\SuperEasy Codec Checker.lnk
    [2011/02/16 16:56:48 | 000,001,193 | ---- | M] () -- C:\Users\Public\Desktop\SuperEasy Codec Checker.lnk
    [2011/02/15 11:52:05 | 002,460,269 | ---- | M] () -- C:\Users\Kamal\Documents\dell inspiron 1721.pdf
    [2011/02/15 11:05:53 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2011/02/15 09:03:34 | 000,001,948 | ---- | M] () -- C:\Users\Kamal\Desktop\AllMedia Grabber v5.1.lnk
    [2011/02/14 16:39:31 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
    [2011/02/14 16:37:01 | 000,009,723 | ---- | M] () -- C:\Users\Kamal\Desktop\ScreenHunter_01 Feb. 14 16.37.gif
    [2011/02/14 08:59:57 | 000,000,954 | ---- | M] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\CDRWIN 8.lnk
    [2011/02/14 08:59:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\CDRWIN 8.lnk
    [2011/02/13 11:31:27 | 000,002,078 | ---- | M] () -- C:\Users\Kamal\Desktop\Kindle For PC.lnk
    [2011/02/11 11:22:15 | 000,450,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/02/11 09:14:37 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\ScreenCamera.lnk
    [2011/02/09 17:14:13 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/02/09 08:53:50 | 000,002,121 | ---- | M] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\mediAvatar DVD Converter.lnk
    [2011/02/09 08:53:50 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\mediAvatar DVD Converter.lnk
    [2011/02/08 17:05:49 | 000,002,290 | ---- | M] () -- C:\Users\Kamal\Desktop\MX-700 Editor.lnk
    [2011/02/08 16:33:53 | 000,001,068 | ---- | M] () -- C:\Users\Kamal\Desktop\ReadWrite Arabic.lnk
    [2011/02/08 16:32:29 | 000,000,016 | ---- | M] () -- C:\Windows\afct.dfc
    [2011/02/08 16:31:24 | 000,001,109 | ---- | M] () -- C:\Users\Kamal\Desktop\Declan's Arabic FlashCards.lnk
    [2011/02/07 08:51:32 | 000,001,850 | ---- | M] () -- C:\Users\Kamal\Desktop\Sound Editor Deluxe.lnk
    [2011/02/05 08:50:14 | 000,053,248 | ---- | M] (PCWinSoft Systems Informatica Ltda) -- C:\Windows\SysWow64\BSwitch.ax
    [2011/02/03 15:34:36 | 000,364,544 | ---- | M] (Axis) -- C:\Windows\SysWow64\prScrCamFXControls.ocx
    [2011/02/03 08:52:06 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Audio Recorder.lnk
    [2011/02/03 08:52:00 | 000,000,064 | ---- | M] () -- C:\Users\Public\Desktop\Purchase Audio Recorder.url
    [2011/02/01 08:59:45 | 000,000,256 | -H-- | M] () -- C:\Users\Kamal\AppData\Roaming\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2011/02/01 08:59:45 | 000,000,256 | -H-- | M] () -- C:\ProgramData\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2011/02/01 08:59:31 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\iSpring Presenter.lnk
    [2011/02/01 08:57:06 | 000,026,112 | ---- | M] () -- C:\Users\Kamal\Documents\february%202011%20newsletter
    [2011/01/31 14:05:28 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk
    [2011/01/30 09:01:57 | 000,001,166 | ---- | M] () -- C:\Users\Kamal\Desktop\SnowFox Total Video Converter.lnk

    ========== Files Created - No Company Name ==========

    [2011/02/25 19:20:00 | 001,257,772 | ---- | C] () -- C:\Users\Kamal\Desktop\tdsskiller.zip
    [2011/02/25 15:55:10 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/02/25 15:54:51 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/02/25 14:28:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/25 14:28:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/25 14:28:28 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/25 14:28:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/25 14:28:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/25 14:26:19 | 004,274,659 | R--- | C] () -- C:\Users\Kamal\Desktop\ComboFix.exe
    [2011/02/25 09:01:04 | 000,001,205 | ---- | C] () -- C:\Users\Kamal\Desktop\ExifCleaner.lnk
    [2011/02/24 14:07:01 | 000,624,128 | ---- | C] () -- C:\Users\Kamal\Desktop\dds.scr
    [2011/02/24 13:37:43 | 000,080,384 | ---- | C] () -- C:\Users\Kamal\Desktop\MBRCheck.exe
    [2011/02/24 13:36:10 | 000,296,448 | ---- | C] () -- C:\Users\Kamal\Desktop\9sjzvlc6.exe
    [2011/02/23 09:00:08 | 000,001,854 | ---- | C] () -- C:\Users\Kamal\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/22 11:35:28 | 000,001,286 | ---- | C] () -- C:\Users\Kamal\Desktop\ThunderSoft Flash to Video Converter.lnk
    [2011/02/18 08:40:36 | 000,002,442 | ---- | C] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\Aiseesoft Total Media Converter.lnk
    [2011/02/18 08:40:36 | 000,002,418 | ---- | C] () -- C:\Users\Public\Desktop\Aiseesoft Total Media Converter.lnk
    [2011/02/16 16:56:48 | 000,001,217 | ---- | C] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\SuperEasy Codec Checker.lnk
    [2011/02/16 16:56:48 | 000,001,193 | ---- | C] () -- C:\Users\Public\Desktop\SuperEasy Codec Checker.lnk
    [2011/02/15 11:52:05 | 002,460,269 | ---- | C] () -- C:\Users\Kamal\Documents\dell inspiron 1721.pdf
    [2011/02/15 11:05:53 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2011/02/15 09:03:34 | 000,001,948 | ---- | C] () -- C:\Users\Kamal\Desktop\AllMedia Grabber v5.1.lnk
    [2011/02/14 16:39:31 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
    [2011/02/14 16:37:01 | 000,009,723 | ---- | C] () -- C:\Users\Kamal\Desktop\ScreenHunter_01 Feb. 14 16.37.gif
    [2011/02/14 08:59:57 | 000,000,954 | ---- | C] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\CDRWIN 8.lnk
    [2011/02/14 08:59:57 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\CDRWIN 8.lnk
    [2011/02/13 11:31:27 | 000,002,078 | ---- | C] () -- C:\Users\Kamal\Desktop\Kindle For PC.lnk
    [2011/02/11 09:14:37 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\ScreenCamera.lnk
    [2011/02/09 14:10:25 | 000,012,408 | ---- | C] () -- C:\Windows\SysWow64\Lnk.tlb
    [2011/02/09 08:53:50 | 000,002,121 | ---- | C] () -- C:\Users\Kamal\Application Data\Microsoft\Internet Explorer\Quick Launch\mediAvatar DVD Converter.lnk
    [2011/02/09 08:53:50 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\mediAvatar DVD Converter.lnk
    [2011/02/08 17:05:49 | 000,002,290 | ---- | C] () -- C:\Users\Kamal\Desktop\MX-700 Editor.lnk
    [2011/02/08 16:33:53 | 000,001,068 | ---- | C] () -- C:\Users\Kamal\Desktop\ReadWrite Arabic.lnk
    [2011/02/08 16:32:29 | 000,000,016 | ---- | C] () -- C:\Windows\afct.dfc
    [2011/02/08 16:31:24 | 000,001,109 | ---- | C] () -- C:\Users\Kamal\Desktop\Declan's Arabic FlashCards.lnk
    [2011/02/07 08:51:32 | 000,001,850 | ---- | C] () -- C:\Users\Kamal\Desktop\Sound Editor Deluxe.lnk
    [2011/02/03 08:52:06 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Audio Recorder.lnk
    [2011/02/03 08:52:00 | 000,000,064 | ---- | C] () -- C:\Users\Public\Desktop\Purchase Audio Recorder.url
    [2011/02/01 08:59:45 | 000,000,256 | -H-- | C] () -- C:\Users\Kamal\AppData\Roaming\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2011/02/01 08:59:45 | 000,000,256 | -H-- | C] () -- C:\ProgramData\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2011/02/01 08:59:31 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\iSpring Presenter.lnk
    [2011/01/31 17:44:23 | 000,026,112 | ---- | C] () -- C:\Users\Kamal\Documents\february%202011%20newsletter
    [2011/01/31 14:05:28 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk
    [2011/01/30 09:01:57 | 000,001,166 | ---- | C] () -- C:\Users\Kamal\Desktop\SnowFox Total Video Converter.lnk
    [2011/01/21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
    [2011/01/01 16:26:03 | 000,026,032 | ---- | C] () -- C:\Windows\SysWow64\IDriveEXceedCryReg.exe
    [2011/01/01 16:25:59 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
    [2010/10/28 09:23:19 | 000,000,017 | ---- | C] () -- C:\Users\Kamal\AppData\Local\resmon.resmoncfg
    [2010/10/03 16:59:04 | 000,000,000 | ---- | C] () -- C:\Users\Kamal\AppData\Roaming\wklnhst.dat
    [2010/09/24 14:56:12 | 000,002,120 | ---- | C] () -- C:\Windows\citation.ini
    [2010/09/22 07:46:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL
    [2010/09/16 12:37:39 | 000,003,115 | ---- | C] () -- C:\Users\Kamal\AppData\Roaming\SAS7_000.DAT
    [2010/09/13 08:26:28 | 000,000,012 | ---- | C] () -- C:\Windows\Recorder.dat
    [2010/09/09 15:10:07 | 000,747,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/09/02 08:32:17 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2010/09/02 08:32:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2010/09/02 08:32:17 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2010/09/02 08:32:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2010/09/02 08:32:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2010/08/14 16:58:29 | 000,000,871 | ---- | C] () -- C:\Windows\CDPlayer.ini
    [2010/08/13 08:18:17 | 000,580,096 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
    [2010/08/13 08:18:17 | 000,131,176 | ---- | C] () -- C:\Windows\SysWow64\mp3gain.exe
    [2010/08/13 08:18:17 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\akrip32.dll
    [2010/08/13 08:18:16 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\Mp3Ctrl.dll
    [2010/08/11 08:40:47 | 000,075,776 | ---- | C] () -- C:\Windows\cadkasdeinst01e.exe
    [2010/08/08 13:20:49 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\SySATa.dat
    [2010/08/08 13:20:44 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/07/29 08:57:00 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
    [2010/07/24 08:04:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\AI_ContextMenu.dll
    [2010/07/06 06:51:30 | 000,000,007 | ---- | C] () -- C:\Windows\grabber4.dat
    [2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2010/06/09 14:00:37 | 000,742,220 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/06/09 14:00:37 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/05/31 08:20:02 | 000,000,117 | ---- | C] () -- C:\Windows\iToolSoft PPT To Video.ini
    [2010/05/31 08:20:02 | 000,000,058 | ---- | C] () -- C:\Windows\pro iToolSoft PPT To Video.ini
    [2010/05/31 08:19:21 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\iToolSoft PPT To Video.dat
    [2010/05/27 08:14:50 | 000,000,200 | ---- | C] () -- C:\Users\Kamal\AppData\Roaming\default.rss
    [2010/05/22 20:39:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/05/15 07:16:41 | 000,000,140 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/04/30 07:34:47 | 000,120,320 | ---- | C] () -- C:\Windows\W2P_PreConvert.dll
    [2010/04/17 16:41:25 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
    [2010/04/02 15:37:08 | 000,202,408 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/04/02 07:30:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/03/16 20:59:12 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/03/11 13:46:34 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/03/10 21:01:50 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2010/03/10 21:01:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2010/03/10 21:01:50 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2010/03/10 21:01:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2010/03/10 21:01:50 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2010/03/10 21:01:50 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2010/03/10 21:01:50 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2010/03/10 21:01:50 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2010/03/10 21:01:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2010/03/10 21:01:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2010/03/10 21:01:50 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2010/03/10 21:01:50 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2010/03/10 21:01:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2010/03/10 21:01:50 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2010/03/10 21:01:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2010/03/10 21:01:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/03/10 20:24:10 | 000,000,044 | ---- | C] () -- C:\Windows\R300.ini
    [2010/03/10 13:06:04 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/02/05 03:44:00 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/02/05 03:44:00 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/01/07 18:42:20 | 000,074,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdisk.sys
    [2009/11/21 19:29:26 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2009/11/21 19:29:26 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2009/11/21 18:34:52 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2009/11/21 18:34:52 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/05/27 12:10:56 | 000,508,200 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
    [2007/10/01 16:13:12 | 001,511,424 | ---- | C] () -- C:\Windows\SysWow64\HDX4MediaReveal.dll
    [2007/03/20 08:58:08 | 000,999,424 | ---- | C] () -- C:\Windows\SysWow64\FathMail.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/04/23 17:24:41 | 000,375,054 | ---- | M] () -- C:\1.bmp
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/02/25 14:50:41 | 000,027,426 | ---- | M] () -- C:\ComboFix.txt
    [2010/05/03 12:18:06 | 000,345,983 | ---- | M] () -- C:\Gallery.apk
    [2011/02/25 18:07:43 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/28 08:02:52 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
    [2010/07/08 07:57:55 | 000,000,902 | ---- | M] () -- C:\net_save.dna
    [2010/10/17 12:04:01 | 000,099,092 | ---- | M] () -- C:\P1005.log
    [2010/10/17 11:26:42 | 001,838,845 | ---- | M] () -- C:\P10051.log
    [2011/02/25 18:07:46 | 4083,007,488 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/17 10:49:26 | 018,420,224 | ---- | M] () -- C:\Pixo.msi
    [2010/04/06 10:50:54 | 135,981,056 | ---- | M] () -- C:\PM95_Pers_ea_x64.msi
    [2010/10/19 09:48:26 | 000,002,531 | ---- | M] () -- C:\RHDSetup.log
    [2010/09/17 08:16:14 | 000,011,032 | ---- | M] () -- C:\Setup Log.txt
    [2010/07/06 22:35:03 | 000,000,184 | ---- | M] () -- C:\setup.log
    [2010/07/06 22:37:48 | 000,000,082 | ---- | M] () -- C:\SYNTPAD.LOG
    [2011/02/25 19:22:16 | 000,073,222 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_25.02.2011_19.20.56_log.txt
    [2011/02/25 19:23:54 | 000,073,224 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_25.02.2011_19.23.23_log.txt
    [2010/07/02 18:54:15 | 000,001,036 | ---- | M] () -- C:\UsbRecovery.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2001/05/07 17:14:22 | 000,303,104 | ---- | M] () -- C:\Windows\Film Factory.scr
    [2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/11 07:59:37 | 000,000,221 | -HS- | M] () -- C:\Users\Kamal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/24 13:37:30 | 000,296,448 | ---- | M] () -- C:\Users\Kamal\Desktop\9sjzvlc6.exe
    [2011/02/25 14:27:50 | 004,274,659 | R--- | M] () -- C:\Users\Kamal\Desktop\ComboFix.exe
    [2011/02/24 14:05:44 | 000,080,384 | ---- | M] () -- C:\Users\Kamal\Desktop\MBRCheck.exe
    [2011/02/26 09:00:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kamal\Desktop\OTL.exe
    [2011/02/21 11:09:14 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kamal\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 08:14:52 | 000,000,402 | -HS- | M] () -- C:\Users\Kamal\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/02/01 08:59:45 | 000,000,256 | -H-- | M] () -- C:\ProgramData\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2011/02/25 18:09:29 | 000,000,190 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2010/03/10 13:06:32 | 000,000,363 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/02/05 03:57:34 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/01/15 22:53:12 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/02/05 03:57:05 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/01/15 22:50:14 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/02/05 03:56:33 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/02/05 03:57:22 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/01/15 22:49:29 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/01/15 22:52:38 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/02/05 03:57:40 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 256 bytes -> C:\ProgramData:iSpring Presenter 5
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:F35A93AD
    @Alternate Data Stream - 183 bytes -> C:\ProgramData\Temp:820563D3
    @Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:B1CD2545
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3997CB5F
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7FDCA119

    < End of report >
     
  14. 2011/02/26
    kiddk

    OTL Extras logfile created on: 2/26/2011 9:01:52 AM - Run 1
    OTL by OldTimer - Version 3.2.22.0 Folder = C:\Users\Kamal\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 452.99 Gb Total Space | 220.09 Gb Free Space | 48.59% Space Free | Partition Type: NTFS
    Drive D: | 12.48 Gb Total Space | 2.08 Gb Free Space | 16.66% Space Free | Partition Type: NTFS
    Drive E: | 99.02 Mb Total Space | 95.37 Mb Free Space | 96.31% Space Free | Partition Type: FAT32
    Drive P: | 199.00 Mb Total Space | 156.86 Mb Free Space | 78.83% Space Free | Partition Type: NTFS

    Computer Name: KAMAL-PC | User Name: Kamal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.3.840
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
    "{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
    "{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 2010 Free Edition
    "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{830508B3-8D57-4B46-A5E6-2CF7C60827C3}" = Macrium Reflect - Free Edition
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{99D1FFD1-1EFE-4FA0-B225-5815E039BB25}" = O&O DiskStat Professional
    "{9B7B20F4-6504-47FB-A061-308840E175D8}" = Nitro PDF Professional
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BF50CF00-7CE6-11DE-A06C-005056C00008}" = Paragon Virtualization Manager™ 9.5
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBCF0030-9149-11DE-B8B6-005056C00008}" = Paragon Drive Copy™ 10 Personal SE
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
    "doPDF 6 printer_is1" = doPDF 6.3 printer
    "EPSON Printer and Utilities" = EPSON Printer Software
    "FlashBoot_is1" = FlashBoot 2.0u
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Recuva" = Recuva
    "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Speccy" = Speccy
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)
    "ZonerPhotoStudio13_EN_is1" = Zoner Photo Studio 13
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{027B7883-3778-4E8C-B3FA-0A28A3209D32}" = Pixo
    "{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C127331-DAFB-4797-BAAE-1F3D042030CC}" = PhotoFilter 1.0
    "{10479E5C-2EC2-4A70-A816-4B0FF3D90FCD}_is1" = 3D Ebook Cover 1.0
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
    "{19FDEED8-3016-4862-A430-AB2B41D5C322}" = iSpring Presenter 5
    "{1DCE6389-E294-11D5-80D0-00104BF87660}" = MX-700 Editor
    "{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon System Backup 9.5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
    "{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
    "{23D4A873-14FF-474E-0001-6529DDC11226}" = CDRWIN 8
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28AAE1A9-FC44-47AB-93F8-B4695A1BE908}" = SnagIt Screen Capture Plugin for Windows Live Writer
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures
    "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3A9FE5C3-799E-4E41-AF4E-943F9BC4C4BD}_is1" = All My Books 1.9 FULL for GOTD
    "{3D122AF9-1E02-4035-8003-334D378C1B62}_is1" = PDF OCR 4.0
    "{3E50F28A-86D8-4DA5-8850-C55684574F86}" = Ript
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46552BC3-52B6-404c-9B42-CE536AB719FD}_is1" = Ashampoo Home Designer1.0.0
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{54B4FDFB-9345-4EC9-AA2B-B1476A8B20EF}_is1" = iCare Format Recovery Software1.2
    "{54E6E975-E089-4575-BD33-64DC10022D46}" = Magic Collage
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A937F04-F71A-47A3-A98A-F576BA9A39DF}_is1" = Easy Photo Sorter version 2.6
    "{5F83C9D9-9EC3-4857-B8C9-75DE4187EDF9}" = wGXe Data Recovery Professional
    "{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{64C85B95-E971-4705-B3ED-D4A0153C0D5B}" = SAMSUNG USB Driver for Mobile Phones V5.2.0.0
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6873814C-1E89-4ADC-A0D6-CEEE306A6416}_is1" = Audio Recorder 1.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 2.2.8
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7452472E-FC85-4AEB-8B67-24C63ECCF5C8}" = LeapFrog Leapster2 Plugin
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
    "{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97E988A2-0834-4284-B12B-991835E7CB70}" = SamsungSimpleDL
    "{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 SE Personal
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BF42FDC-FFD3-4F30-B0D5-DA8A6E5316F7}_is1" = Total Screen Recorder Gold 1.5
    "{9C8C8E51-4A2A-476D-9B0C-C7EF3440F8F0}" = COMODO BackUp
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C0724A-649C-4953-BF1E-F783036969E9}" = FormatFactory
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.11
    "{ABD2F9F4-A0EA-4563-B410-95F4EAB9C04E}" = xVideoServiceThief
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{AEDCF58F-C95F-4E44-B764-48F0BDCD4786}" = Dr Paper 4
    "{AF766933-2E99-4D86-916E-FEA0A482B89E}_is1" = Photo Magician Converter 1.0.0.5
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B9FDEDF1-DD77-42BD-B2BD-ABCB30655C73}_is1" = Virtual Audio Streaming 1.0
    "{C3208FCF-EAF5-43EE-972B-812DEA54FC72}_is1" = 1AVCenter version 2.2.7.21
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C3C23D52-4FE6-484D-9A8C-B0A6E2803655}}_is1" = Aneesoft Flash Gallery Classic GOTD Edition
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CD79CE4F-A5E5-11DF-AD00-005056C00008}" = Paragon Backup & Recovery™ 10 Home Special Edition
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D47A18EF-38BC-4951-A344-9800D3BF4D53}_is1" = ScreenCamera version 2.2.3.11
    "{D7AC932D-297F-46C8-9834-FA23854CC150}_is1" = MKV Converter Studio V2.0.1
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
    "{FAAEB46F-6BEE-409B-8983-264C21B9C415}" = Pixo
    "{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.66 Pro
    "{FC279721-37A6-4777-AFD8-7A56681EBA14}" = eXPert PDF 6
    "{FC9FED7B-11C5-4BAA-AAF0-395AD111EE92}_is1" = Scanitto Pro
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3D Text_is1" = 3D Text 1.00
    "8089B79E-5E25-4872-8AC9-058E5F5599EC_is1" = iTunes Sync 1.5.1
    "Absolute Audio Converter_is1" = Absolute Audio Converter 4.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Aimersoft Video Converter Std_is1" = Aimersoft Video Converter Std(Build 4.0.2.0)
    "Aiseesoft Blu-ray Ripper_is1" = Aiseesoft Blu-ray Ripper
    "Aiseesoft MP4 Converter Suite_is1" = Aiseesoft MP4 Converter Suite
    "Aiseesoft Streaming Video Recorder_is1" = Aiseesoft Streaming Video Recorder
    "Aiseesoft Total Media Converter_is1" = Aiseesoft Total Media Converter 5.2.30
    "Aiseesoft Total Video Converter_is1" = Aiseesoft Total Video Converter
    "AllMedia Grabber5.0" = AllMedia Grabber
    "AllMedia Grabber5.1" = AllMedia Grabber
    "AllMySongs Database1.3" = AllMySongs Database
    "Almeza MultiSet Professional_is1" = Almeza MultiSet Professional 7.8.1
    "Amazon Kindle For PC" = Amazon Kindle For PC
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "Artensoft Photo Mosaic Wizard_is1" = Artensoft Photo Mosaic Wizard
    "Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
    "Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.40
    "ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 2.08
    "Astroburn Pro" = Astroburn Pro
    "Atmosphere Lite Plus_is1" = Atmosphere Lite Plus v6.0
    "AudibleDownloadManager" = Audible Download Manager
    "AudibleManager" = AudibleManager
    "Audio Speed Changer Pro" = Audio Speed Changer Pro 1.2
    "AV MP3 Player-Morpher" = AV MP3 Player-Morpher
    "BitComet" = BitComet 1.21
    "Boxoft Screen OCR_is1" = Boxoft Screen OCR 1.2.1
    "BurnAware Free_is1" = BurnAware Free 3.0.1
    "BurnPro_is1" = BurnPro Version 5.1.1
    "BurnWorld.Com BurnOn CD&DVD_is1" = BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )
    "Caisdata Software - Foxonic Professional_is1" = Foxonic Professional 4.0 (build 0077)
    "Canon RAW Codec" = Canon RAW Codec
    "CCleaner" = CCleaner
    "Cleanse Uninstaller Pro 6.5" = Cleanse Uninstaller Pro 6.5
    "Codec Checker" = Codec Checker
    "CoverCreator_is1" = CoverCreator 4.2
    "Daniusoft DVD Creator_is1" = Daniusoft DVD Creator(Build 1.5.1.25)
    "Declan's Arabic FlashCards_is1" = Declan's Arabic FlashCards v1.6
    "Digital Physiognomy" = Digital Physiognomy (remove only)
    "DoubleSafety" = DoubleSafety
    "Driver Magician_is1" = Driver Magician 3.5
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "DVDFab 8_is1" = DVDFab 8.0.7.2 (26/01/2011)
    "DzSoftWebPhotoResizer_is1" = Quick Image Resizer 2.7.1
    "EarthSoft Audio Jukebox_is1" = EarthSoft Audio Jukebox 1.0.0
    "EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 6.1.1 Professional
    "easyQuizzy_is1" = easyQuizzy 1.8
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Episode 1" = Back to the Future The Game - Episode 1
    "ExifCleaner" = ExifCleaner 1.5
    "FastStone Capture" = FastStone Capture 5.3
    "FastStone Image Viewer" = FastStone Image Viewer 4.1
    "FastStone Photo Resizer" = FastStone Photo Resizer 2.8
    "Film Factory" = Film Factory
    "Flash Video Capture_is1" = Flash Video Capture 4.2.0 build 4557
    "Focus CD Cover Maker_is1" = Focus CD Cover Maker 1.9
    "FormatFactory" = FormatFactory 2.30
    "Freecorder Toolbar" = Freecorder Toolbar
    "Freecorder4.02" = Freecorder 4.02 Application
    "Handbrake" = Handbrake 0.9.4
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "iCare Data Recovery_is1" = iCare Data Recovery 4.1
    "IDrive_is1" = IDrive version 3.3.4 December 29, 2010
    "ImageConverter Plus_is1" = ImageConverter Plus 8.0
    "InfraRecorder" = InfraRecorder
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{97E988A2-0834-4284-B12B-991835E7CB70}" = SamsungSimpleDL
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    "Intel AppUp(SM) center 13747" = Intel AppUp(SM) center
    "IObit Security 360_is1" = IObit Security 360
    "iPhoneVideoConverterFactoryPro" = iPhone Video Converter Factory Pro
    "ISOBuddy" = ISOBuddy
    "iToolSoft PPT To Video_is1" = iToolSoft PPT To Video V3.1.1.2
    "JPG2PDF_is1" = JPG2PDF 2.2
    "Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
    "MagicScore_is1" = Music Making
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MAXA Security Tools_is1" = MAXA Security Tools 2.2
    "MediaMonkey_is1" = MediaMonkey 3.2
    "mediAvatar DVD Converter" = mediAvatar DVD Converter
    "mediAvatar HD Video Converter" = mediAvatar HD Video Converter
    "mediAvatar YouTube Video Converter" = mediAvatar YouTube Video Converter
    "Mendeley Desktop" = Mendeley Desktop 0.9.7.1
    "merge_is1" = Merge Version 2.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mp3tag" = Mp3tag v2.46a
    "MusicBrainz Picard" = MusicBrainz Picard
    "Nature Illusion Studio" = Nature Illusion Studio
    "Ncesoft Flip Book Maker_is1" = Ncesoft Flip Book Maker 2.3.1
    "Opanda IExif_is1" = Opanda IExif 2.3
    "Opanda PowerExif Professional Trial_is1" = Opanda PowerExif 1.2 Professional Trial
    "Orb" = Orb
    "PCHand Media Converter Pro_is1" = PCHand Media Converter Pro 1.2.0.0
    "PCHand Screen Capture_is1" = PCHand Screen Capture 1.8.0.2
    "PCHand Screen Recorder_is1" = PCHand Screen Recorder 1.8.5.4
    "PDFZilla_is1" = PDFZilla V1.2.9
    "PicPick" = PicPick
    "ReadWrite Arabic_is1" = ReadWrite Arabic version 1.3
    "RealPlayer 12.0" = RealPlayer
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "Simpo Word to PDF (GOTD Version)_is1" = Simpo Word to PDF 2.0.0.5
    "SnowFox DVD Ripper_is1" = SnowFox DVD Ripper 1.7.0.3
    "SnowFox Total Video Converter_is1" = SnowFox Total Video Converter 2.8.1.1
    "Sound Editor Deluxe_is1" = Sound Editor Deluxe v6.0.1
    "Start Menu 7_is1" = Start Menu 7 3.84
    "TagScanner_is1" = TagScanner 5.1 build 594
    "ThunderSoft Flash to Video Converter_is1" = ThunderSoft Flash to Video Converter (1.1.5.1)
    "Ultima Steganography_is1" = Ultima Steganography 1.1
    "UltraISO_is1" = UltraISO Premium V9.36
    "UPCShell" = LeapFrog Connect
    "UseNeXT_is1" = UseNeXT
    "Web Page Maker_is1" = Web Page Maker V3.21
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "Winstep Xtreme_is1" = Nexus Ultimate 10.7
    "WinX Cell Phone Video Converter GOTD Edition_is1" = WinX Cell Phone Video Converter 4.0
    "WinX DVD Author_is1" = WinX DVD Author 5.5.1
    "WinX HD Video Converter Deluxe GOTD Edition_is1" = WinX HD Video Converter Deluxe 3.7
    "Wondershare DemoCreator (Build 3.0.6)_is1" = Wondershare DemoCreator (Build 3.0.6)
    "Wondershare DVD Ripper Platinum_is1" = Wondershare DVD Ripper Platinum(Build 4.4.2.0)
    "Wondershare DVD Slideshow Builder Standard_is1" = Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
    "Wondershare Flash Gallery Factory Standard_is1" = Wondershare Flash Gallery Factory Standard 4.8.0.1
    "Wondershare Photo Collage Studio GOTD Edition_is1" = Wondershare Photo Collage Studio 4.2.13.3
    "Wondershare PPT2Video Pro_is1" = Wondershare PPT2Video Pro 6.1.8
    "Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
    "Xilisoft HD Video Converter" = Xilisoft HD Video Converter 6
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "Your monster voice 1" = Your monster voice 1
    "Youtube Music Downloader_is1" = Youtube Music Downloader V3.2
    "Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 11.10
    "ZW Photo Printer_is1" = ZW Photo Printer 2.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1010354556-1421586041-659686246-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Dropbox" = Dropbox
    "ExeIcon3DBox" = ExeIcon.com 3D Box Maker (remove only)
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/24/2011 9:19:47 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5311288

    Error - 2/24/2011 9:19:48 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/24/2011 9:19:48 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5312302

    Error - 2/24/2011 9:19:48 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5312302

    Error - 2/24/2011 9:19:49 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/24/2011 9:19:49 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5313316

    Error - 2/24/2011 9:19:49 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5313316

    Error - 2/24/2011 9:41:48 PM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/25/2011 9:47:42 AM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1123

    Error - 2/25/2011 9:47:42 AM | Computer Name = Kamal-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1123

    [ Hewlett-Packard Events ]
    Error - 5/18/2010 7:27:42 PM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/6/2010 11:11:23 PM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/6/2010 11:11:23 PM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/17/2010 8:36:53 AM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 9/8/2010 8:38:18 AM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 10/5/2010 10:09:28 AM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101005100924.xml
    File not created by asset agent

    Error - 11/9/2010 4:50:08 PM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111009034936.xml
    File not created by asset agent

    Error - 1/25/2011 11:30:43 AM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011125103029.xml
    File not created by asset agent

    Error - 2/23/2011 9:57:20 AM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021123085648.xml
    File not created by asset agent

    Error - 2/23/2011 9:57:52 AM | Computer Name = Kamal-PC | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021123085720.xml
    File not created by asset agent

    [ Media Center Events ]
    Error - 3/11/2010 7:56:47 PM | Computer Name = Kamal-PC | Source = MCUpdate | ID = 0
    Description = 6:56:47 PM - Error connecting to the internet. 6:56:47 PM - Unable
    to contact server..

    [ System Events ]
    Error - 9/9/2010 8:09:04 PM | Computer Name = Kamal-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
    Description = Encrypted volume check: Volume information on \\?\Volume{eac23ace-2cb0-11df-aa72-806e6f6e6963}
    cannot be read.

    Error - 9/9/2010 8:09:06 PM | Computer Name = Kamal-PC | Source = Service Control Manager | ID = 7023
    Description = The NMSAccessU service terminated with the following error: %%231

    Error - 9/9/2010 8:09:08 PM | Computer Name = Kamal-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 9/9/2010 8:09:33 PM | Computer Name = Kamal-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 9/9/2010 8:09:33 PM | Computer Name = Kamal-PC | Source = Service Control Manager | ID = 7000
    Description = The SASKUTIL service failed to start due to the following error: %%1275

    Error - 9/9/2010 8:09:33 PM | Computer Name = Kamal-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 9/9/2010 8:09:33 PM | Computer Name = Kamal-PC | Source = Service Control Manager | ID = 7000
    Description = The SASDIFSV service failed to start due to the following error: %%1275

    Error - 9/9/2010 8:09:38 PM | Computer Name = Kamal-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR2.

    Error - 9/9/2010 8:10:38 PM | Computer Name = Kamal-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 9/9/2010 8:10:38 PM | Computer Name = Kamal-PC | Source = Service Control Manager | ID = 7000
    Description = The SASKUTIL service failed to start due to the following error: %%1275


    < End of report >
     
  15. 2011/02/26
    broni

    broni Moderator Malware Analyst

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    • Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 256 bytes -> C:\ProgramData:iSpring Presenter 5
      @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:F35A93AD
      @Alternate Data Stream - 183 bytes -> C:\ProgramData\Temp:820563D3
      @Alternate Data Stream - 176 bytes -> C:\ProgramData\Temp:B1CD2545
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3997CB5F
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7FDCA119
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
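
A fix script like the one in the post above can be checked item by item against the log the fix produces, so that nothing scripted for removal goes unaccounted for. The following Python is an added example, not part of the original post and not OTL's own code; the function names and the status labels (`removed`, `absent`, `unconfirmed`) are this example's own, and the result log is constructed from lines in this thread with some left out on purpose to show the unresolved cases.

```python
import re

# Abridged copy of the fix script from the post above.
FIX_SCRIPT = r"""
:OTL
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 256 bytes -> C:\ProgramData:iSpring Presenter 5
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:F35A93AD

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""

# Constructed result log: lines in the format seen in this thread, with the
# ShellExecuteHooks "deleted" line and one ADS line deliberately omitted.
RESULT_LOG = r"""
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData:iSpring Presenter 5 deleted successfully.
========== COMMANDS ==========
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O_LINE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*")
ADS_LINE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")


def parse_fix_script(text):
    """Split a fix script into removal targets (:OTL) and commands (:Commands)."""
    targets, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "commands":
            commands.append(line.strip("[]").lower())
            continue
        if section != "otl":
            continue
        ads = ADS_LINE.match(line)
        entry, guid = O_LINE.match(line), GUID.search(line)
        if ads:
            targets.append({"kind": "ADS", "id": ads.group(1), "is64": False})
        elif entry and guid:
            targets.append({"kind": entry.group(1), "id": guid.group(0).upper(),
                            "is64": bool(entry.group(2))})
        else:
            # Anything the parser does not recognise is kept for manual review.
            targets.append({"kind": "UNPARSED", "id": line, "is64": False})
    return targets, commands


def outcome(target, log_lines):
    """Classify one target from the log lines that mention it."""
    hits = []
    for line in log_lines:
        if target["kind"] == "ADS":
            if line.startswith("ADS " + target["id"] + " "):
                hits.append(line)
        elif (target["id"] in line.upper()
              and line.startswith("64bit-") == target["is64"]):
            hits.append(line)
    if any(h.endswith("deleted successfully.") for h in hits):
        return "removed"
    if any(h.endswith("not found.") for h in hits):
        return "absent"
    return "unconfirmed"


def reconcile(targets, log_text):
    """Return every target with the status the result log supports."""
    log_lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return [dict(t, status=outcome(t, log_lines)) for t in targets]


def follow_up(results):
    """Targets with no confirming log line, or that could not be parsed."""
    return [r for r in results
            if r["status"] == "unconfirmed" or r["kind"] == "UNPARSED"]


if __name__ == "__main__":
    parsed, cmds = parse_fix_script(FIX_SCRIPT)
    print("commands:", cmds)
    for r in reconcile(parsed, RESULT_LOG):
        bits = "64bit" if r["is64"] else "32bit"
        print(f'{r["status"]:<12}{r["kind"]:<5}{bits:<6}{r["id"]}')
```
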
     
  16. 2011/02/26
    kiddk

    kiddk Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData:iSpring Presenter 5 deleted successfully.
    ADS C:\ProgramData\Temp:F35A93AD deleted successfully.
    ADS C:\ProgramData\Temp:820563D3 deleted successfully.
    ADS C:\ProgramData\Temp:B1CD2545 deleted successfully.
    ADS C:\ProgramData\Temp:3997CB5F deleted successfully.
    ADS C:\ProgramData\Temp:7FDCA119 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kamal
    ->Temp folder emptied: 5543393 bytes
    ->Temporary Internet Files folder emptied: 10526621 bytes
    ->Java cache emptied: 14454 bytes
    ->FireFox cache emptied: 43979739 bytes
    ->Flash cache emptied: 2448 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90611 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 57.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Kamal
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.0 log created on 02262011_192514

    Files\Folders moved on Reboot...
    C:\Users\Kamal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DF3197C800B081CEE6.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DF5B90D723C1608ECB.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DF6E798CC7157A2DFD.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFF36FE301DBD18DE5.TMP not found!
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\97945-active-windows-7-checking-updates-but-doesnt-update-info-included[1].html moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\clk[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\iframe3[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\iframe3[2].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\iframe3[3].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\st[1] moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\st[2] moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY9Z2W2Q\st[3] moved successfully.
    File move failed. C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4XS95B\3D1298766162666327%252FK%253Dz5UyV7_3FlA5_UlcD.cE7Q%252FA%253D6261169%252FR%253D0%252F%252A%2524%2Chttp%253A%252F%252Fus.mc1107.mail.yahoo.com%252Fmc%252Fmd[1].htm scheduled to be moved on reboot.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4XS95B\fmr[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4XS95B\md[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4XS95B\track_click[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ4UXD9M\data_sync[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ4UXD9M\iframescript[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ4UXD9M\st[1] moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ4UXD9M\st[2] moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MGEEICE\iframe3[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MGEEICE\iframe3[2].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MGEEICE\welcome[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  17. 2011/02/26
    kiddk

    kiddk Inactive Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    ExifCleaner 1.5
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    Adobe Reader 9.4.2 MUI
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    Kamal Desktop SecurityCheck.exe
    Kamal AppData Local Temp\RarSFX0\SecurityCheck\Objlist.exe
    ``````````End of Log````````````
     
  18. 2011/02/26
    broni

    broni Moderator Malware Analyst

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ...and Eset...
     
  19. 2011/02/27
    kiddk

    kiddk Inactive Thread Starter

    ESET SCAN


    C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    C:\Users\Kamal\Downloads\Setup_FreeFlvConverter.exe multiple threats
    C:\Users\Kamal\Downloads\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application
    C:\Users\Kamal\Downloads\Downloads_\GRTDeletedRecovery.zip probably a variant of Win32/TrojanDownloader.Adload.MLVUAFM trojan
    C:\Users\Kamal\Downloads\NERO 9 FREE\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application
    C:\Users\Kamal\Downloads\Plato Video Converter\PlatoVideoConvert.exe multiple threats
    C:\Users\Kamal\Downloads\voice changer\mp3morpher.rar Win32/Adware.Toolbar.Dealio application
     
  20. 2011/02/27
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll 
      C:\Users\Kamal\Downloads\Setup_FreeFlvConverter.exe 
      C:\Users\Kamal\Downloads\Setup_FreeFlvConverterN.exe 
      C:\Users\Kamal\Downloads\Downloads_\GRTDeletedRecovery.zip 
      C:\Users\Kamal\Downloads\NERO 9 FREE\Nero-9.4.12.3_free.exe 
      C:\Users\Kamal\Downloads\Plato Video Converter\PlatoVideoConvert.exe 
      C:\Users\Kamal\Downloads\voice changer\mp3morpher.rar
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. 2011/02/27
    kiddk

    kiddk Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll moved successfully.
    C:\Users\Kamal\Downloads\Setup_FreeFlvConverter.exe moved successfully.
    C:\Users\Kamal\Downloads\Setup_FreeFlvConverterN.exe moved successfully.
    C:\Users\Kamal\Downloads\Downloads_\GRTDeletedRecovery.zip moved successfully.
    C:\Users\Kamal\Downloads\NERO 9 FREE\Nero-9.4.12.3_free.exe moved successfully.
    C:\Users\Kamal\Downloads\Plato Video Converter\PlatoVideoConvert.exe moved successfully.
    C:\Users\Kamal\Downloads\voice changer\mp3morpher.rar moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kamal
    ->Temp folder emptied: 4897064 bytes
    ->Temporary Internet Files folder emptied: 50825299 bytes
    ->Java cache emptied: 12044 bytes
    ->FireFox cache emptied: 20121834 bytes
    ->Flash cache emptied: 3602 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 76643 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Kamal
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.0 log created on 02272011_164541

    Files\Folders moved on Reboot...
    C:\Users\Kamal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DF776B9478BF35A1B3.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DF9FEF1ED8019C3E1F.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFA65EA6037F0AA935.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFCB33F4FFC30402A3.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFD0C06ACDEDB77A59.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFEB03B2FE701D0872.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFF3BA234EBD8F0083.TMP not found!
    File\Folder C:\Users\Kamal\AppData\Local\Temp\~DFFF05721C82C49811.TMP not found!
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W4XH58OZ\97945-active-windows-7-checking-updates-but-doesnt-update-info-included-2[1].html moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OF3Q7122\iframescript[1].htm moved successfully.
    C:\Users\Kamal\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
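
A way to check a fix log like the one above against the script that produced it, as an added example (not part of the thread and not OTL's own code): it pairs each path under `:Files` with the result line logged for it, so a target that was never logged or is still pending a reboot stands out. The sample script and log are constructed in the format shown in this thread, `placeholder.zip` is a made-up path, and the function names are hypothetical.

```python
import re

# Constructed sample (format taken from this thread; placeholder.zip is made up).
FIX_SCRIPT = r"""
:Files
C:\Users\Kamal\Downloads\Setup_FreeFlvConverter.exe
C:\Users\Kamal\Downloads\voice changer\mp3morpher.rar
C:\Users\Kamal\Downloads\NERO 9 FREE\Nero-9.4.12.3_free.exe
C:\Users\Kamal\Downloads\Example\placeholder.zip
:Commands
"""
FIX_LOG = r"""
========== FILES ==========
C:\Users\Kamal\Downloads\Setup_FreeFlvConverter.exe moved successfully.
File\Folder C:\Users\Kamal\Downloads\voice changer\mp3morpher.rar not found!
File move failed. C:\Users\Kamal\Downloads\NERO 9 FREE\Nero-9.4.12.3_free.exe scheduled to be moved on reboot.
"""
# Result-line shapes as they appear in the OTL logs posted in this thread.
PATTERNS = [
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File\\Folder (.+) not found!$")),
    ("pending_reboot", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
]

def script_targets(script):
    """Paths listed under the :Files directive of a fix script."""
    targets, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets

def log_outcomes(log):
    """Map lower-cased path -> outcome for each recognised result line."""
    outcomes = {}
    for line in map(str.strip, log.splitlines()):
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                outcomes[m.group(1).lower()] = name
                break
    return outcomes

def reconcile(script, log):
    """Pair every script target with its logged outcome, or flag it as unlogged."""
    seen = log_outcomes(log)
    return {t: seen.get(t.lower(), "missing_from_log") for t in script_targets(script)}
```

Paths are compared case-insensitively because Windows file names are; any target reported as anything other than `moved` deserves a second look before the machine is declared clean.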
     
