
Possibly malware: Profile Viewer - 5


Hello,

A family member downloaded this executable file while browsing Facebook: Profile Viewer - 5.exe. They then tried to run it and clicked the "Run" button when prompted by Windows 7, but nothing seemed to happen. However, the executable installed a program named "Update", which seems to be posting its download links on Facebook. I removed the program via "Programs and Features" in the Control Panel of Windows, but would like to scan for additional files left behind. One of the reasons is that Google Chrome now displays ads in the bottom left corner (something similar to this: http://forums.malwar...pic=116729). I installed AdBlock Plus, which is dealing well with the problem, but it doesn't eliminate its source.

I have avast Internet Security and Malwarebytes Anti-malware PRO installed, but only avast is running in the background. Neither program reported the executable file (the one that was downloaded) as infected, nor any infected files (with the quick scans). This is why I came across this forum and, in particular, http://forums.malwar...topic=9573.

Please note that uTorrent is rarely running.

I'm posting DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.9.2

Run by Dandanovi at 15:14:43 on 2013-05-28

Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.4094.2005 [GMT 3:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\Domino.exe

C:\Users\Dandanovi\Local Settings\Apps\F.lux\flux.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\VM301Snap.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Common Files\Metrino\Services\Metrino.Kernos.Trial.Service.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Gaberoff Koral\Gaberoff Koral English Dictionary 2.0\Diction.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [F.lux] "C:\Users\Dandanovi\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Dandanovi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [bigDogPath] C:\Windows\VM301Snap.exe Vimicro USB PC Camera (ZC0301PL)

mRun: [bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Експортиране към Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

DPF: {81F30245-2419-4B8F-85AC-DE13CD0659D7} - hxxp://81.161.245.53/RtspVaPgDec.cab

TCP: NameServer = 46.40.72.18 46.40.72.17

TCP: Interfaces\{20DFC2E5-81B8-4E03-B83D-95FD061BB56A} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{20DFC2E5-81B8-4E03-B83D-95FD061BB56A}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{4DA9F1C2-88BD-4858-92E6-AA7B2D0B5340} : DHCPNameServer = 46.40.72.18 46.40.72.17

TCP: Interfaces\{AFA33055-DF5E-4669-80D8-B1489BB0FAC5} : DHCPNameServer = 46.40.72.18 46.40.72.17 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll

SSODL: WebCheck - <orphaned>

mASetup: OrCAD_16.5 - C:\Program Files (x86)\OrCAD\tools\ConfigUtility\CheckOrCAD165.vbs

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Domino] C:\Windows\Domino.exe

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-6-25 22600]

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2012-6-25 12368]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2012-6-25 263096]

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-18 65336]

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2011-12-21 25056]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2012-6-25 127136]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-25 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-25 377920]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-28 283200]

R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2012-7-19 821840]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-25 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-25 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-18 45248]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-3-18 136912]

R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2012-5-21 147563]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-20 418376]

R2 MetrinoTrialService;Metrino Trial Service;C:\Program Files (x86)\Common Files\Metrino\Services\Metrino.Kernos.Trial.Service.exe [2011-1-19 20480]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-1 3467768]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2012-8-4 464224]

R2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2012-8-4 189792]

R3 3xHybr64;ASUSTek SAA713x PCI Card;C:\Windows\System32\drivers\3xHybr64.sys [2010-1-3 3113904]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;C:\Windows\System32\drivers\btcombus.sys [2011-7-27 25352]

R3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2011-12-21 31968]

R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-12-10 86016]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2010-4-6 27016]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-20 25928]

R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]

S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-2-9 18720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-20 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S2 VIVACOM 3G USB Modem. RunOuc;VIVACOM 3G USB Modem. OUC;C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [2012-12-10 246112]

S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-18 178624]

S3 BTCOM;Bluetooth Serial port driver;C:\Windows\System32\drivers\btcomport.sys [2011-7-27 29576]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-6-9 89192]

S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\System32\drivers\usbVM31b.sys [2012-9-4 1495936]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-12-10 117248]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-9 1432400]

S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-12-10 98816]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]

S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2012-4-9 114824]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2008-5-16 115240]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2008-5-16 19496]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2008-5-16 158760]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2008-5-16 137256]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2008-5-16 34344]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2008-5-16 136744]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2008-5-16 151592]

S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-8-8 155824]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-25 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-05-25 17:27:35 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{58E34779-FB35-4D31-B2C3-C332A94DF2CD}\mpengine.dll

2013-05-19 06:40:35 -------- d-----w- C:\ProgramData\Facebook Profile Viewer

2013-05-16 22:05:04 -------- d-----w- C:\Users\Dandanovi\AppData\Local\Kolor

2013-05-16 22:04:04 -------- d-----w- C:\Program Files\Kolor

2013-05-16 19:09:42 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite

2013-05-16 19:09:33 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia

2013-05-16 19:09:17 26112 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys

2013-05-16 19:08:58 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution

2013-05-16 19:07:49 -------- d-----w- C:\Program Files (x86)\Nokia

2013-05-16 19:04:04 -------- d-----w- C:\Windows\SysWow64\ivtMobCache

2013-05-15 23:20:40 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2013-05-15 23:20:29 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2013-05-15 23:20:09 -------- d-----w- C:\Program Files\Oracle

2013-05-15 14:48:15 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 14:48:14 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-15 13:40:01 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 13:40:01 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 13:40:00 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 13:39:42 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 13:39:41 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 13:39:41 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 13:39:41 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 13:39:29 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 13:39:29 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 13:39:28 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-10 07:57:38 27208 ----a-w- C:\Windows\System32\AdobePDFUI.dll

2013-05-10 07:57:34 55872 ----a-w- C:\Windows\System32\AdobePDF.dll

.

==================== Find3M ====================

.

2013-05-14 18:27:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 18:27:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-01 23:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-12 08:41:28 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2013-04-12 08:40:18 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2013-04-12 08:40:16 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 11:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-14 20:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-03-06 23:33:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-06 23:33:21 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-03-06 23:33:20 263096 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2013-03-06 23:33:20 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-03-06 23:33:20 127136 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr

.

============= FINISH: 15:15:20,78 ===============

And Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 25.6.2012 г. 00:27:00

System Uptime: 28.5.2013 г. 13:52:02 (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | M68M-S2P

Processor: AMD Athlon™ II X3 435 Processor | Socket M2 | 2900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 21,658 GiB free.

D: is FIXED (NTFS) - 366 GiB total, 50,482 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 151 GiB total, 22,676 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP139: 22.5.2013 г. 12:38:25 - Windows Update

RP140: 25.5.2013 г. 20:27:07 - Windows Update

.

==== Installed Programs ======================

.

µTorrent

ABBYY FineReader 11 Corporate Edition

Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5.1

Advanced Office Password Recovery (remove only)

AIDA64 Extreme Edition v2.50

AMCap

Apple Application Support

Apple Software Update

AutoCAD 2013 - English

AutoCAD 2013 - English SP1.1

AutoCAD 2013 Language Pack - English

Autodesk Content Service

Autodesk Content Service Language Pack

Autodesk Inventor Fusion 2013

Autodesk Inventor Fusion plug-in for AutoCAD 2013

Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Sync

avast! Internet Security

BlueJ

BlueSoleil 8.0.395.0

CADSTAR 12.0

calibre

Castle Link

CCleaner

Cisco Packet Tracer 5.3.3

Corel Graphics - Windows Shell Extension

Corel Graphics - Windows Shell Extension 32 Bit

CorelDRAW Graphics Suite X6 - Capture (x64)

CorelDRAW Graphics Suite X6 - Common (x64)

CorelDRAW Graphics Suite X6 - Connect (x64)

CorelDRAW Graphics Suite X6 - Custom Data (x64)

CorelDRAW Graphics Suite X6 - Draw (x64)

CorelDRAW Graphics Suite X6 - EN (x64)

CorelDRAW Graphics Suite X6 - Filters (x64)

CorelDRAW Graphics Suite X6 - FontNav (x64)

CorelDRAW Graphics Suite X6 - IPM

CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)

CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)

CorelDRAW Graphics Suite X6 - Redist (x64)

CorelDRAW Graphics Suite X6 - Setup Files (x64)

CorelDRAW Graphics Suite X6 - VBA (x64)

CorelDRAW Graphics Suite X6 - VideoBrowser (x64)

CorelDRAW Graphics Suite X6 - VSTA (x64)

CorelDRAW Graphics Suite X6 - Writing Tools (x64)

CorelDRAW Graphics Suite X6 (64-Bit)

CorelDRAW Graphics Suite X6 (x64)

Crystal Reports 2008 Runtime

CyberLink PowerCinema

D.M.A.C. Guide To Trimming Fixed Wing Model Aircraft

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

DjVuLibre+DjView

eNSP V1.0.213

EXFO ConnectorMax 2.3

F.lux

FARO LS 1.1.406.58

Gaberoff Koral English Dictionary 2.0

Gaberoff Koral German Dictionary 2.0

Google Земя

Google Chrome

Google Update Helper

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Java 7 Update 9

Java 7 Update 9 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 9 (64-bit)

Junk Mail filter update

K-Lite Codec Pack 6.4.2 (64-bit)

K-Lite Mega Codec Pack 8.9.2

KeyboardTest V3.0

Kolor Autopano Giga 3.0

LTspice IV

Malwarebytes Anti-Malware, версия 1.75.0.1300

MATLAB R2012a

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2003 Web Components

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Bulgarian) 2010

Microsoft Office Excel MUI (Bulgarian) 2010

Microsoft Office Groove MUI (Bulgarian) 2010

Microsoft Office InfoPath MUI (Bulgarian) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Bulgarian) 2010

Microsoft Office Outlook MUI (Bulgarian) 2010

Microsoft Office PowerPoint MUI (Bulgarian) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (Bulgarian) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Russian) 2010

Microsoft Office Proofing (Bulgarian) 2010

Microsoft Office Publisher MUI (Bulgarian) 2010

Microsoft Office Shared 32-bit MUI (Bulgarian) 2010

Microsoft Office Shared MUI (Bulgarian) 2010

Microsoft Office Word MUI (Bulgarian) 2010

Microsoft Visual Basic for Applications 7.1 (x64)

Microsoft Visual Basic for Applications 7.1 (x64) English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

Microsoft Visual Studio 2005 Tools for Applications - ENU

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.5 (x86 en-US)

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyDefrag v4.3.1

Nero 12

Nero Audio Pack 1

Nero BackItUp

Nero BackItUp Help (CHM)

Nero Blu-ray Player

Nero Blu-ray Player Help (CHM)

Nero Burning ROM

Nero Burning ROM Help (CHM)

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero Disc Menus Basic

Nero Effects Basic

Nero Express

Nero Express Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Kwik Themes Basic

Nero PiP Effects Basic

Nero Recode

Nero Recode Help (CHM)

Nero RescueAgent

Nero RescueAgent Help (CHM)

Nero SharedVideoCodecs

Nero Update

Nero Video

Nero Video Help (CHM)

Nokia Connectivity Cable Driver

Nokia PC Suite

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Drivers

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

OptiPerformer 11.0 (x64)

Optiwave Shared Components 2.0.6.1 (x64)

Oracle VM VirtualBox 4.2.12

OrCAD 16.5 Lite

Panda USB Vaccine 1.0.1.4

PC Connectivity Solution

PDF Settings CS5

Photomatix Pro version 4.2.4

PlayReady PC Runtime amd64

Prerequisite installer

Profili 2 Professional

QuickTime

Realtek High Definition Audio Driver

Scan Tailor

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Skype™ 6.3

SolidWorks 2012 x64 Edition SP04

SolidWorks eDrawings 2012 x64 Edition SP04

SolidWorks Explorer 2012 SP04 x64 Edition

SolidWorks Flow Simulation 2012 SP04 x64 Edition

Sony Ericsson Update Engine

Sony PC Companion 2.10.155

STDU Converter version 2.0.42.0

TeamViewer 8

TelepointERP

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

Vegas Pro 11.0 (64-bit)

VIVACOM 3G USB Modem

Welcome App (Start-up experience)

Windows 7 USB/DVD Download Tool

Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (09/17/2009 5.2009.0917.0)

Windows Driver Package - Nokia Modem (02/25/2011 4.7)

Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinPcap 4.1.2

WinRAR 4.20 (64-битова версия)

Wireshark 1.8.1 (64-bit)

YTD Video Downloader 3.9.6

.

==== Event Viewer Messages From Past Week ========

.

28.5.2013 г. 14:02:33, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

28.5.2013 г. 13:57:26, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

28.5.2013 г. 13:57:26, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

28.5.2013 г. 13:55:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

28.5.2013 г. 13:55:13, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28.5.2013 г. 13:53:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

28.5.2013 г. 13:53:40, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28.5.2013 г. 02:00:40, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

28.5.2013 г. 01:19:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:19:06, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:19:00, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:18:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:18:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:15:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:15:23, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 01:13:11, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

28.5.2013 г. 00:58:00, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

28.5.2013 г. 00:58:00, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

28.5.2013 г. 00:55:49, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

28.5.2013 г. 00:55:49, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28.5.2013 г. 00:53:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

28.5.2013 г. 00:53:29, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27.5.2013 г. 19:58:50, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

27.5.2013 г. 19:58:50, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

27.5.2013 г. 19:56:13, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

27.5.2013 г. 19:56:13, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27.5.2013 г. 19:54:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

27.5.2013 г. 19:54:34, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27.5.2013 г. 19:51:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

27.5.2013 г. 19:51:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

27.5.2013 г. 19:42:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

27.5.2013 г. 19:42:53, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27.5.2013 г. 19:42:00, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27.5.2013 г. 19:41:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

27.5.2013 г. 07:04:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

27.5.2013 г. 07:04:53, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26.5.2013 г. 20:16:47, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

26.5.2013 г. 19:43:54, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

26.5.2013 г. 19:43:54, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

26.5.2013 г. 19:41:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

26.5.2013 г. 19:41:37, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26.5.2013 г. 19:39:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

26.5.2013 г. 19:39:52, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

25.5.2013 г. 21:31:32, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

25.5.2013 г. 20:23:56, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

25.5.2013 г. 20:23:56, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

25.5.2013 г. 20:21:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

25.5.2013 г. 20:21:25, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

25.5.2013 г. 20:20:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Metrino Trial Service service to connect.

25.5.2013 г. 20:18:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

25.5.2013 г. 20:18:47, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

23.5.2013 г. 12:42:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

23.5.2013 г. 12:41:47, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

22.5.2013 г. 21:48:07, Error: bowser [8003] - The master browser has received a server announcement from the computer PETYA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4DA9F1C2-88BD-4858-92E6-AA7B2D0B5340}. The master browser is stopping or an election is being forced.

22.5.2013 г. 14:33:54, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

22.5.2013 г. 12:36:44, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

22.5.2013 г. 12:36:44, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

22.5.2013 г. 12:34:30, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

22.5.2013 г. 12:34:30, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

22.5.2013 г. 12:32:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

22.5.2013 г. 12:32:37, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21.5.2013 г. 23:26:37, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

21.5.2013 г. 19:19:47, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

21.5.2013 г. 14:01:23, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

21.5.2013 г. 12:29:53, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

21.5.2013 г. 12:29:53, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

21.5.2013 г. 12:27:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

21.5.2013 г. 12:27:23, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21.5.2013 г. 12:26:35, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Firewall service to connect.

21.5.2013 г. 12:26:35, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21.5.2013 г. 07:59:11, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

21.5.2013 г. 07:49:45, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

21.5.2013 г. 07:49:45, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

21.5.2013 г. 07:47:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIVACOM 3G USB Modem. OUC service to connect.

21.5.2013 г. 07:47:24, Error: Service Control Manager [7000] - The VIVACOM 3G USB Modem. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

21.5.2013 г. 07:45:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

21.5.2013 г. 07:45:44, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

I'll be very thankful if You could give me some insight whether there is an issue and if yes, I'd like to get directions on how to deal with it.

Thank you very much!


Hello ndandanov and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Do you have this sample (Profile Viewer - 5.exe) or a link for download?


Hello, Maniac! Thank you very much for the help in advance!

I deleted the original file from the hard drive, but it should have been downloaded from here: http://d2i48.tk/. However, avast now blocks this website when trying to open it, but it didn't do that back then.

I hope this is going to be of use. In between everything else, nice to meet you, I'm located in Sofia, Bulgaria, too.


Nice to meet you, too! :)

Before we proceed, could you please correct your links, because someone can accidentally download this malware.

I downloaded the sample and sent it for further analysis.

http://forums.malwarebytes.org/index.php?showtopic=126972&pid=684864&st=0entry684864

When it is added to the database, do the following:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

That should do the trick! :)


Hello,

I'm not quite sure whether the file is already added to the database, but I did what You suggested. Here is the log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.30.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Dandanovi :: DANDANOVI-PC [administrator]

Protection: Disabled

30.5.2013 г. 17:04:12 ч.

mbam-log-2013-05-30 (17-04-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243651

Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

As for editing my previous posts to delete the malware links, I couldn't find any button or link for editing. Could you please show me how to perform such a function?

Thank you very much for the help!


I'm going to contact someone from the forum team to correct them.

Probably I send them a new sample. Let's manually clean it:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Hello,

Here are the contents of OTL.txt:

OTL logfile created on: 30.5.2013 г. 18:02:45 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dandanovi\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,85% Memory free

8,00 Gb Paging File | 5,72 Gb Available in Paging File | 71,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 100,00 Gb Total Space | 27,74 Gb Free Space | 27,74% Space Free | Partition Type: NTFS

Drive D: | 365,66 Gb Total Space | 55,28 Gb Free Space | 15,12% Space Free | Partition Type: NTFS

Drive F: | 151,31 Gb Total Space | 25,93 Gb Free Space | 17,14% Space Free | Partition Type: NTFS

Computer Name: DANDANOVI-PC | User Name: Dandanovi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.30 17:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dandanovi\Desktop\OTL.exe

PRC - [2013.05.10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013.03.07 02:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013.03.07 02:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013.03.07 02:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2012.12.14 12:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012.12.14 12:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

PRC - [2012.12.14 12:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe

PRC - [2012.12.10 18:41:10 | 000,246,112 | ---- | M] () -- C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe

PRC - [2012.09.20 08:27:44 | 000,444,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

PRC - [2012.07.19 17:07:51 | 000,821,840 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe

PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2012.05.31 16:50:30 | 001,082,368 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

PRC - [2012.05.28 18:08:28 | 000,368,726 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

PRC - [2012.05.21 15:33:56 | 000,147,563 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe

PRC - [2011.01.19 12:47:28 | 000,020,480 | ---- | M] (EXFO Inc.) -- C:\Program Files (x86)\Common Files\Metrino\Services\Metrino.Kernos.Trial.Service.exe

PRC - [2009.09.29 17:56:26 | 000,464,224 | ---- | M] () -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe

PRC - [2009.09.29 17:56:26 | 000,189,792 | ---- | M] () -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe

PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

PRC - [2009.08.29 09:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Dandanovi\Local Settings\Apps\F.lux\flux.exe

PRC - [2007.03.27 17:24:08 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM301Snap.exe

PRC - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.29 14:10:52 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\Version.dll

MOD - [2012.05.21 15:33:58 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll

MOD - [2011.03.28 11:04:52 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll

MOD - [2010.03.31 21:59:20 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\s40pack.dll

MOD - [2009.08.29 09:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Dandanovi\Local Settings\Apps\F.lux\flux.exe

MOD - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe

MOD - [2003.05.01 17:23:28 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\CsCvt.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.03.07 02:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013.03.07 02:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2012.12.21 22:24:39 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012.06.09 00:48:28 | 000,089,192 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)

SRV:64bit: - [2012.04.09 11:46:46 | 000,114,824 | ---- | M] (Mentor Graphics Corporation) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)

SRV:64bit: - [2010.11.30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)

SRV:64bit: - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013.05.14 21:27:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.10 00:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013.04.08 23:32:39 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.03.15 08:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013.03.14 23:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2012.12.14 12:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012.12.10 18:41:10 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe -- (VIVACOM 3G USB Modem. RunOuc)

SRV - [2012.10.09 00:00:50 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2012.10.09 00:00:49 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012.07.19 17:07:51 | 000,821,840 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.11.0)

SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2012.05.31 16:50:30 | 001,082,368 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)

SRV - [2012.05.21 15:45:56 | 000,199,680 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)

SRV - [2012.05.21 15:33:56 | 000,147,563 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)

SRV - [2012.02.09 18:05:18 | 000,018,720 | ---- | M] (Autodesk, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2011.03.14 18:27:34 | 000,346,976 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2011.01.19 12:47:28 | 000,020,480 | ---- | M] (EXFO Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Metrino\Services\Metrino.Kernos.Trial.Service.exe -- (MetrinoTrialService)

SRV - [2010.06.25 20:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009.09.29 17:56:26 | 000,464,224 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc)

SRV - [2009.09.29 17:56:26 | 000,189,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched)

SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013.03.07 02:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013.03.07 02:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013.03.07 02:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013.03.07 02:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013.03.07 02:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013.03.07 02:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013.03.07 02:33:20 | 000,263,096 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)

DRV:64bit: - [2013.03.07 02:33:20 | 000,127,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)

DRV:64bit: - [2013.03.07 02:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013.03.07 02:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013.03.07 02:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2012.12.10 18:41:11 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV:64bit: - [2012.12.10 18:41:11 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)

DRV:64bit: - [2012.12.10 18:41:11 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV:64bit: - [2012.06.28 22:51:22 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012.06.11 11:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2012.03.07 01:44:51 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)

DRV:64bit: - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2011.12.27 10:18:48 | 000,043,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)

DRV:64bit: - [2011.12.21 14:47:52 | 000,031,968 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)

DRV:64bit: - [2011.12.21 14:47:46 | 000,022,240 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)

DRV:64bit: - [2011.12.21 14:47:08 | 000,025,056 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)

DRV:64bit: - [2011.07.27 10:29:08 | 000,025,352 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (BTCOMBUS)

DRV:64bit: - [2011.07.27 10:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)

DRV:64bit: - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.11.21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010.11.21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010.11.21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010.11.21 06:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2010.06.25 20:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2010.04.06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV:64bit: - [2010.01.03 11:41:00 | 003,113,904 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\3xHybr64.sys -- (3xHybr64)

DRV:64bit: - [2009.09.15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 23:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)

DRV:64bit: - [2009.06.10 23:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)

DRV:64bit: - [2009.06.10 23:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 23:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)

DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)

DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)

DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)

DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)

DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)

DRV:64bit: - [2007.04.04 20:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b)

DRV:64bit: - [2007.04.04 20:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)

DRV:64bit: - [2007.04.03 13:57:40 | 000,130,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116unic.sys -- (s116unic)

DRV:64bit: - [2007.04.03 13:57:36 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdm.sys -- (s116mdm)

DRV:64bit: - [2007.04.03 13:57:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116mdfl.sys -- (s116mdfl)

DRV:64bit: - [2007.04.03 13:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus)

DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

IE - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 0C E0 B0 26 57 CE 01 [binary data]

IE - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dandanovi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dandanovi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.16 17:44:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.30 16:31:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.07.12 23:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dandanovi\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dandanovi\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Dandanovi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: WhoDID! = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiibjampmlkfkdmgnkholklaechbdanh\13.0.5_0\

CHR - Extension: YouTube = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\

CHR - Extension: Google \u0422\u044A\u0440\u0441\u0435\u043D\u0435 = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\

CHR - Extension: avast! WebRep = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.3_0\

CHR - Extension: AutoScroll = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\occjjkgifpmdgodlplnacmkejpdionan\2.9_0\

CHR - Extension: Gmail = C:\Users\Dandanovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.05.16 21:31:54 | 000,001,168 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 BlueSoleil.exe

O1 - Hosts: 127.0.0.1 BsMobileCS.exe

O1 - Hosts: 127.0.0.1 BlueSoleilCS.exe

O1 - Hosts: 127.0.0.1 BsHelpCS.exe

O1 - Hosts: 127.0.0.1 BtTray.exe

O1 - Hosts: 127.0.0.1 BsLiveUpdate.exe

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 license.bluesoleil.com

O1 - Hosts: 127.0.0.1 license2.bluesoleil.com

O1 - Hosts: 127.0.0.1 license3.bluesoleil.com

O1 - Hosts: 127.0.0.1 www.bluesoleil.com

O1 - Hosts: 127.0.0.1 bluesoleil.com

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bigDogPath] C:\Windows\VM301Snap.exe (Vimicro)

O4 - HKLM..\Run: [bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2057118117-1669697715-985378483-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2057118117-1669697715-985378483-1001..\Run: [F.lux] C:\Users\Dandanovi\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\..Trusted Domains: livemeeting.com ([www150] https in Trusted sites)

O15 - HKU\S-1-5-21-2057118117-1669697715-985378483-1001\..Trusted Ranges: Range1 ([http] in Trusted sites)

O16 - DPF: {81F30245-2419-4B8F-85AC-DE13CD0659D7} http://81.161.245.53/RtspVaPgDec.cab (RtspVaPgDLinkCtrlNew Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 46.40.72.18 46.40.72.17

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20DFC2E5-81B8-4E03-B83D-95FD061BB56A}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DA9F1C2-88BD-4858-92E6-AA7B2D0B5340}: DhcpNameServer = 46.40.72.18 46.40.72.17

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFA33055-DF5E-4669-80D8-B1489BB0FAC5}: DhcpNameServer = 46.40.72.18 46.40.72.17 192.168.1.1

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7d61cd84-42d9-11e2-801c-6cf04992a841}\Shell - "" = AutoRun

O33 - MountPoints2\{7d61cd84-42d9-11e2-801c-6cf04992a841}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\{7d61ce55-42d9-11e2-801c-6cf04992a841}\Shell - "" = AutoRun

O33 - MountPoints2\{7d61ce55-42d9-11e2-801c-6cf04992a841}\Shell\AutoRun\command - "" = G:\AutoRun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.30 17:59:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dandanovi\Desktop\OTL.exe

[2013.05.30 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\Dandanovi\Desktop\Malware

[2013.05.30 16:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013.05.30 16:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013.05.19 09:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Facebook Profile Viewer

[2013.05.17 01:05:04 | 000,000,000 | ---D | C] -- C:\Users\Dandanovi\AppData\Local\Kolor

[2013.05.17 01:04:11 | 000,000,000 | ---D | C] -- C:\Users\Dandanovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kolor Autopano Giga 3.0

[2013.05.17 01:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Kolor

[2013.05.16 22:17:15 | 000,000,000 | ---D | C] -- C:\Users\Dandanovi\AppData\Roaming\PC Suite

[2013.05.16 22:16:05 | 000,000,000 | ---D | C] -- C:\Users\Dandanovi\AppData\Roaming\Nokia

[2013.05.16 22:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite

[2013.05.16 22:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite

[2013.05.16 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite

[2013.05.16 22:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia

[2013.05.16 22:09:17 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys

[2013.05.16 22:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2013.05.16 22:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia

[2013.05.16 22:04:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ivtMobCache

[2013.05.16 05:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2013.05.16 02:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox

[2013.05.16 02:20:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2013.05.16 02:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

========== Files - Modified Within 30 Days ==========

[2013.05.30 17:59:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dandanovi\Desktop\OTL.exe

[2013.05.30 17:58:01 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2057118117-1669697715-985378483-1001UA.job

[2013.05.30 17:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.05.30 17:24:01 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.05.30 17:12:29 | 000,007,603 | ---- | M] () -- C:\Users\Dandanovi\AppData\Local\Resmon.ResmonCfg

[2013.05.30 16:22:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.05.29 22:58:00 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2057118117-1669697715-985378483-1001Core.job

[2013.05.29 20:24:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.05.29 20:03:11 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.05.29 20:03:11 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.05.29 20:03:11 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.05.29 18:34:09 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.05.29 18:34:09 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.05.29 18:28:49 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2013.05.29 18:27:04 | 000,001,208 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini

[2013.05.29 18:24:49 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys

[2013.05.29 06:05:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013.05.29 06:05:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2013.05.29 06:02:36 | 000,006,497 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI

[2013.05.19 02:36:00 | 000,001,330 | ---- | M] () -- C:\Users\Dandanovi\Desktop\davechild_linux-command-line.pdf - Shortcut.lnk

[2013.05.16 22:49:26 | 000,000,264 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI

[2013.05.16 22:41:44 | 000,005,128 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI

[2013.05.16 22:40:04 | 000,000,104 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI

[2013.05.16 22:18:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2013.05.16 02:20:42 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

[2013.05.16 00:43:55 | 005,091,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.05.29 06:05:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013.05.29 06:05:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013.05.19 02:36:00 | 000,001,330 | ---- | C] () -- C:\Users\Dandanovi\Desktop\davechild_linux-command-line.pdf - Shortcut.lnk

[2013.05.16 22:18:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2013.05.16 22:03:55 | 000,005,128 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI

[2013.05.16 22:00:13 | 000,000,264 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI

[2013.05.16 02:20:42 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

[2013.03.13 21:28:04 | 000,003,186 | ---- | C] () -- C:\Windows\aopr.ini

[2012.12.29 14:53:19 | 000,000,196 | ---- | C] () -- C:\Users\Dandanovi\.packettracer

[2012.12.21 22:12:23 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.12.11 21:46:18 | 000,000,146 | ---- | C] () -- C:\Windows\capture.INI

[2012.11.12 08:47:01 | 000,004,583 | ---- | C] () -- C:\Users\Dandanovi\AppData\Roaming\LTspiceIV.ini

[2012.10.09 00:18:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI

[2012.09.15 16:15:52 | 000,000,214 | ---- | C] () -- C:\Users\Dandanovi\AppData\Roaming\PropCalc Preferences

[2012.09.15 16:12:10 | 000,000,729 | ---- | C] () -- C:\Users\Dandanovi\AppData\Roaming\DriveCalculator Preferences

[2012.09.15 15:41:06 | 000,000,597 | ---- | C] () -- C:\Users\Dandanovi\AppData\Local\CastleLinkProps.dat

[2012.09.04 23:49:23 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe

[2012.09.04 23:49:23 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe

[2012.08.16 22:31:31 | 000,000,600 | ---- | C] () -- C:\Users\Dandanovi\AppData\Local\PUTTY.RND

[2012.08.12 01:22:29 | 000,007,603 | ---- | C] () -- C:\Users\Dandanovi\AppData\Local\Resmon.ResmonCfg

[2012.06.25 01:35:26 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.06.25 01:35:26 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012.06.25 01:35:26 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.06.25 01:35:24 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012.05.31 16:50:38 | 000,001,208 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini

[2012.05.27 21:49:58 | 000,006,497 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI

[2012.05.27 21:49:29 | 000,000,104 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI

[2012.05.27 21:40:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI

[2012.05.24 09:57:50 | 000,048,128 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll

[2012.05.21 15:33:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll

[2012.05.21 15:09:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll

[2012.05.21 15:09:14 | 000,090,208 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll

[2012.05.21 15:09:14 | 000,086,108 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll

========== ZeroAccess Check ==========

[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.23 16:45:05 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Autodesk

[2012.12.10 01:33:40 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\calibre

[2012.09.15 15:38:23 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Castle Creations

[2013.03.20 18:37:13 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\DAEMON Tools Lite

[2012.10.09 00:16:11 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\DassaultSystemes

[2012.08.12 01:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\DevProf

[2012.12.11 21:48:29 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\EDrawings

[2012.12.10 17:11:27 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Hard Disk Sentinel

[2012.10.15 23:18:28 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\HDRsoft

[2013.05.16 22:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Nokia

[2013.05.16 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\PC Suite

[2012.08.04 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\PowerCinema

[2012.08.12 01:08:39 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\ProfiliPro

[2012.07.29 01:33:04 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Publish Providers

[2012.08.04 00:08:24 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Sony

[2013.01.19 15:33:14 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2013.04.11 17:38:40 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\TeamViewer

[2012.07.23 22:18:57 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Thinstall

[2012.07.12 23:56:29 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Thunderbird

[2013.05.30 16:49:58 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\uTorrent

[2012.10.15 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Windows Live Writer

[2012.08.10 22:00:08 | 000,000,000 | ---D | M] -- C:\Users\Dandanovi\AppData\Roaming\Wireshark

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 90 bytes -> C:\ProgramData\Metrino:33578082-4164-4375-8C16-F25586D8C433

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A1EDB939

< End of report >


And here is Extras.txt:

OTL Extras logfile created on: 30.5.2013 г. 18:02:45 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dandanovi\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,85% Memory free

8,00 Gb Paging File | 5,72 Gb Available in Paging File | 71,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 100,00 Gb Total Space | 27,74 Gb Free Space | 27,74% Space Free | Partition Type: NTFS

Drive D: | 365,66 Gb Total Space | 55,28 Gb Free Space | 15,12% Space Free | Partition Type: NTFS

Drive F: | 151,31 Gb Total Space | 25,93 Gb Free Space | 17,14% Space Free | Partition Type: NTFS

Computer Name: DANDANOVI-PC | User Name: Dandanovi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{088F6644-6780-4EDC-8F4D-AECAAD872681}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{118BAE86-CBAC-4F67-A70D-933E18F2DF98}" = rport=137 | protocol=17 | dir=out | app=system |

"{16BBD002-CC1F-4564-8D62-8D9274D20291}" = lport=445 | protocol=6 | dir=in | app=system |

"{16E5A20B-21C4-4F63-B66D-BDF0973CB6A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{25D44D72-B13E-42FD-B104-1491FCE6ABFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2CBD5C74-00D6-4D79-B8E2-5D8EC43E7DE8}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |

"{3F7B57D5-AFEB-4460-92B0-2BCBB57CC3B2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4F2778DA-7EE4-41DF-BCF4-FAA6743B30AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4F628354-73A6-44E2-8354-A9E15EE57FBB}" = lport=137 | protocol=17 | dir=in | app=system |

"{5600DCEC-AD38-4972-A398-11DC9CE22D39}" = rport=445 | protocol=6 | dir=out | app=system |

"{771CD062-2AA2-4155-863B-41591A5F9DD2}" = rport=139 | protocol=6 | dir=out | app=system |

"{831DD454-7ADD-4DDF-A4D6-347F10B6D34A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{887E36BE-9AB9-4835-9278-F84806BBC067}" = lport=10243 | protocol=6 | dir=in | app=system |

"{904CE612-2F21-42D9-A74A-0CEA58D7D8BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{93A49C15-6564-40A7-84E0-C60B05942960}" = rport=138 | protocol=17 | dir=out | app=system |

"{B49ACC88-E58A-4A3C-BC36-2CA0751916C1}" = lport=138 | protocol=17 | dir=in | app=system |

"{BF45A4D5-5FB7-42A5-ADE3-AF9DAB56DCDB}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C0CDC930-A965-49F5-B9DA-7466C1AC98EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{C472D9CD-8EDC-495C-812D-496C5D1230FF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{CD447684-82E4-4027-9E5D-9C1AE79696D6}" = lport=139 | protocol=6 | dir=in | app=system |

"{CEA6F804-F785-4CF7-986E-FB7C2354CB2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D3F41EBA-7969-4F25-9D63-21EFBC617761}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DECD4022-BCE5-4F20-BA22-2B420D768C76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E9DC69FA-AB97-491A-A0C6-324550CD9C73}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{050AC5A7-A0B6-45BA-B14C-F1A0EE2835C3}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\servertool.exe |

"{06135289-8E21-415D-A774-8DB777D41141}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\magneticdesigner.exe |

"{09AFD470-112E-4E73-ACC4-5C81BA7B872B}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\lconvert.exe |

"{0A5CF368-B1C2-439C-8368-7F601EC0F36F}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\clu.exe |

"{0B0C6A37-B9F9-4376-A36B-C1A660B594D5}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |

"{0C66DAF5-DF16-400D-833F-97E165761269}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\emschecker.exe |

"{0CCA4D4A-ECDC-4203-B1FE-1F04F738BB38}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\javacpl.exe |

"{0D5F191C-2B87-471A-A40C-C9C9657F663B}" = dir=in | app=c:\program files (x86)\orcad\tools\capture\capture.exe |

"{0FFB31A0-A046-4CDA-AF6A-29D314FB4796}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\policytool.exe |

"{10BF130F-8561-4D6F-9FD3-B2950B6FF1A6}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\pack200.exe |

"{11CA3581-BB4D-4A4E-A28F-6A931F7B585B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{125D8B5B-DA5E-46EB-BA31-CC1FCE9BADBD}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |

"{12C47F14-9A00-46DA-8731-7A1A0D58471F}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\van.exe |

"{14DAE1C8-F124-47DB-808A-CAE39D30E976}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |

"{15430D68-630A-4E8E-B972-478619D504A5}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |

"{1717589A-A0B4-46E3-B0F2-675D2136DA2E}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cds_root.exe |

"{172071BA-A308-4A27-862F-27DAE90FBC4F}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |

"{196C6356-B41B-4BA8-9A97-1A9EC8020D90}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\consmgr.exe |

"{19A888C4-2514-4227-84BD-144C4674AAB6}" = dir=in | app=c:\program files (x86)\orcad\tools\dfii\bin\skill_g.exe |

"{1B582AE3-A4AD-49D1-8277-32702EABC6AF}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\linguist.exe |

"{1C3837CB-4560-4B66-BD92-BDD1470A5A13}" = dir=in | app=c:\program files (x86)\cyberlink\playmovie\playmovie.exe |

"{1D791192-51F2-4989-8428-3B54D1EC81B5}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\verilogannotate.exe |

"{1F8045FB-B76C-4DE5-8B68-C739590D5B77}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsmsgserver.exe |

"{217617D6-F09C-49DE-8813-5C6F44B2353A}" = dir=in | app=c:\program files (x86)\orcad\tools\cdnshelp\bin\cdnshelpindexer.exe |

"{226EE527-DE11-4655-A58D-1EF3FE9E917F}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\orbd.exe |

"{22979D3E-FBEC-413B-A7BE-7D027006CA64}" = dir=in | app=c:\program files (x86)\orcad\tools\cdnshelp\bin\topicgen.exe |

"{237BF5A9-713F-49E7-9C20-33C01B69B4A0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{253A3434-B092-4067-B9B3-657061EB0BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |

"{258BF34F-ABCA-4F89-99D2-EB546B367BCC}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\uic3.exe |

"{278A11EA-CDC4-4766-84E9-D2BF6957F429}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\pspiceaa.exe |

"{27F30C79-BE0F-4D3C-8D19-0AA23838D7D7}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\mrksrvr.exe |

"{2EEF44C8-01AA-4283-99AA-861BC997E0E2}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oa2spef.exe |

"{2F51A064-07FE-46C8-8CC9-117078FCADC7}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\indicefilegeneration.exe |

"{2FC8CC83-F694-40E5-A1F6-DE31A2430024}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2FCA6726-FEB7-4685-B1B9-7DA2A7EF8C59}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\psp_cmd.exe |

"{300D2CFB-BBBD-4C4B-B6B0-8ABDB2CD5ACA}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\assistant.exe |

"{306D4901-4514-4C3B-9916-1492497DC939}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\lef2oa.exe |

"{3085910D-F419-461E-914F-4E5E3289FA5D}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\keytool.exe |

"{328B6712-B184-4FA1-B8CE-BCE92F568E21}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\rcc.exe |

"{359E3D81-477F-47BC-97D7-1E4AB4014576}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\kinit.exe |

"{36498E4F-8D3B-441B-843F-501652203080}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\java-rmi.exe |

"{385001B1-C701-4AAB-9ABB-7B7A6C057E2C}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\javaws.exe |

"{3B7458FD-7954-493D-B36C-9DCB49A8561D}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |

"{3DA65DC1-5327-4E7F-BE22-1366964188A9}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\jureg.exe |

"{3E243981-7CCE-4CBE-8C5D-80FABDF4F366}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{42E00C31-07F9-4CF7-BFF0-CE1453F9839E}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\pixeltool.exe |

"{43129E59-ADB0-4C14-A3F3-5DEC269966F3}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |

"{434DB7E6-36B2-41C3-9923-F8B01876326C}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsoapathutil.exe |

"{43F41037-12D0-4D60-8B17-1138FDDCAE8A}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\jusched.exe |

"{475D264C-46CC-4B14-B04A-FDE2A3DBDC98}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdswhich.exe |

"{47C1E0F5-E8A6-4482-A217-FDE95643C1F9}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsmps.exe |

"{4867B407-2488-4D83-8102-C7F03879AFD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{48A34996-13D9-4FB0-8D47-80CA05F5F238}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\qhelpgenerator.exe |

"{4B07E1C0-B089-47A8-87E3-448951BB19B3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{4B84E902-1E5E-4684-AD36-CC91A895D2EB}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\qt3to4.exe |

"{4B90A8B1-2FEB-499C-8FB0-D6F70E1F114C}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |

"{4FB6455C-A878-47A1-B36B-08F54E9F73EC}" = dir=in | app=c:\program files (x86)\cyberlink\playmovie\pmvservice.exe |

"{511CF51C-DEC2-4A28-8611-146C21ABFD9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{51D13168-01D3-49E7-9D3A-8C5282720B69}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oadmturboserver.exe |

"{52CBF4E0-755A-41AC-B29D-87532AA5233B}" = dir=in | app=c:\program files (x86)\orcad\tools\cdnshelp\bin\tagtest.exe |

"{53E02C31-16F8-4471-B3DA-852C9DE1CAB0}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\pspiceexplorersrvr.exe |

"{54EAA933-8256-43EA-B514-C72749D2C126}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\lupdate.exe |

"{551774BB-7A0E-4B77-8138-DB91C49A62EA}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |

"{55F1B0A5-BEF7-46A2-A598-E1A8C0F8F29A}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tveservice.exe |

"{5667BA4E-A557-4C72-8F5D-3E0A85411985}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{57197EC1-E355-4AE7-8507-35A282F2DA9D}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\qcollectiongenerator.exe |

"{58499DC6-03A6-49DA-B60C-5662F3D8391F}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\msghelp.exe |

"{59F3140A-9AB0-4790-AAFB-39D426C220CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5A3873A2-EA78-478A-A2D4-BD7C8A27AFED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{5AFBCE5F-43BB-4096-8230-83E2488B3BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |

"{5B55FCB0-E46C-4895-B69D-2E21D3AF4AC3}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\simsrvr.exe |

"{5C895330-616E-4148-A9AD-762BD10BB2FE}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\java.exe |

"{60C41099-AB51-4D95-96CB-E2D60F055207}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\nmppath.exe |

"{61F41D7F-7B8F-4B6D-942E-3153801DFF01}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{62223B0A-0AA9-4BFB-BF0C-7BFC911D483A}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |

"{634D83EE-EEB3-4A7F-918D-5EB8BAE271EA}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\xcon2project.exe |

"{64251AE4-4A6D-4C4B-9624-C95C14E6E8AA}" = dir=in | app=c:\program files (x86)\orcad\tools\fet\bin\versiontool.exe |

"{69A2A232-89A0-446B-A666-267C35358513}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsinfo.exe |

"{6BAB6C4F-3249-4F06-8553-6A39486F2AE9}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsservipc.exe |

"{6CC33939-DB3A-4DB5-BF9B-1C9FC5F2B33F}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cmfeedback.exe |

"{6D050152-77A2-47E3-A1CF-991455E00EE6}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\tv enhance\tvenhance.exe |

"{6DB715E2-D02B-4568-ABBB-8D6EF5F3BD7B}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\clsadmintool.exe |

"{6DE7FF7F-83A3-45BE-A78F-631D00C9001A}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\stmed.exe |

"{6E5C9631-C34A-4DE9-B7C1-5ABED6DB8A50}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |

"{6EB030C0-6D30-4D86-8003-EA8AA4C1251A}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |

"{6FC62044-4C45-4411-A791-5CECBE44A0C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{7325F953-E488-4691-9EAC-1920F9BC12B3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{75C940AA-F0EA-4634-84B6-1360E489B1ED}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\rmid.exe |

"{792AF6B8-85E2-4781-8521-93DB2CE42E01}" = dir=in | app=c:\program files (x86)\orcad\tools\tcltk\tcl\bin\wish80.exe |

"{792CE094-3638-4411-BC29-9AAA3F02755F}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oafslockd.exe |

"{7C0C7C40-68CB-4AE9-A894-4324BBD4DF01}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla thunderbird\thunderbird.exe |

"{7D03CA47-F105-4763-AE34-61306305DAE1}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\klist.exe |

"{8064BB62-5D96-4DDF-BF7E-AB6B963F6B42}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |

"{82D08B4C-8282-4B64-A147-75552D4C1D94}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{8468A55B-0A22-4456-8512-73AF85674314}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |

"{84A8FB07-7B94-440E-8DE9-01244295F938}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |

"{84B28277-F2EF-4F24-9A2B-0C004F985852}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\idc.exe |

"{879FE014-A269-45F2-8877-FFBF66C50037}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\spef2oa.exe |

"{8A287EFE-AE0B-48AB-A8E5-F94D8FD14B6B}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\def2oa.exe |

"{8AAC10CC-6D69-4FB5-AC95-19B6E9969112}" = dir=in | app=c:\program files (x86)\orcad\tools\tcltk\8.4\bin\wish.exe |

"{8AEB0F39-590D-46FE-A667-1658CCB3E185}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\qmake.exe |

"{8BE77D12-85B3-4510-8304-61E58E9A808C}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\strm2oa.exe |

"{8D5438F5-095D-494B-9BC2-B54DA7EDBF50}" = dir=in | app=c:\program files (x86)\orcad\tools\tcltk\tcl\bin\tclsh80.exe |

"{8DF24979-5D10-45F5-BD8D-78FF4402BC0D}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\verilog2oa.exe |

"{8FEA59C4-6FA5-4487-9D9C-EE3F0F00AD56}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\jucheck.exe |

"{918BA796-E892-46D4-A3AB-27336E569834}" = dir=in | app=c:\program files (x86)\orcad\tools\capture\tutorial\captutor.exe |

"{922EBB08-4C8C-4FE6-B731-1D3D925957B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{92DDE60C-9BB0-4229-BAB2-89637BBB83DF}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\rmiregistry.exe |

"{94EEFF3D-025B-4303-B2E7-B1678D602716}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\pspiceenc.exe |

"{97A05FD9-0FCF-46F8-BB63-FE1958C1F453}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\javaw.exe |

"{99850FB1-0FCC-4555-A462-5D6D20FBD9C4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{99957E85-0B37-4D6D-B224-E32F79F6EEAF}" = dir=in | app=c:\program files (x86)\orcad\tools\capture\comp16.exe |

"{9A1DA6F3-3479-4A87-A7B2-BB8DAC05221D}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsremshclient.exe |

"{9ABA65A9-191A-4331-8879-07027FDB9E5D}" = dir=in | app=c:\program files (x86)\orcad\tools\capture\pstswp.exe |

"{9AF7E577-D055-4594-B371-FC4992DBAA8F}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\versionviewer.exe |

"{9F97008F-E938-44EA-881B-0932984ED2A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{A114315A-767F-470A-808F-25160667153B}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\ssvagent.exe |

"{A23860B5-DBD1-484D-9456-DE7BF9FE9B39}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |

"{A489DC9E-1DDC-4109-BDBA-BC7BA90FB66D}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\simmgr.exe |

"{A687E5CB-9739-48E0-839F-69EC33217978}" = dir=in | app=c:\program files (x86)\orcad\tools\fet\bin\mkdefcfg.exe |

"{A6919704-746F-48E3-95A6-CBD4F2CB2AFB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{A9E35F06-B7F6-4F8C-833A-DD240F3FF281}" = dir=in | app=c:\program files (x86)\orcad\tools\capture\pcadi.exe |

"{AA90DE83-FA1A-4D07-B802-329F88F62826}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdszip.exe |

"{ABBABE10-ECB1-4A22-AC60-CEC8297FCFC9}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsrunhidden.exe |

"{AFA1CCDE-903E-42EC-80B4-F6D20E0AADD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B126F40B-4FF8-4CC1-AA56-977A71988416}" = dir=in | app=c:\program files (x86)\orcad\tools\tcltk\8.4\bin\tclsh84.exe |

"{B248A0F4-5274-428A-893D-8EB9CF9D4573}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\mpsinfo.exe |

"{B3A744ED-E144-449F-817E-5CEC8D971196}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\switchversion.exe |

"{B4D167E6-EAA6-4255-B122-727BE0C85B4C}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\tnameserv.exe |

"{B5C62EEE-DA22-47D7-9C76-BD9C6F6F9AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |

"{B5D76A42-3295-4075-9290-A2D00D9F17D4}" = dir=in | app=c:\program files (x86)\orcad\tools\pcb\bin\sys_root.exe |

"{B5ED596C-ABEF-4482-83D8-46BF4E6360AB}" = dir=in | app=c:\program files (x86)\orcad\tools\cdnshelp\bin\cdnshelp.exe |

"{B663889D-34A9-47EA-ADEC-F91A31AAEDA7}" = protocol=6 | dir=out | app=system |

"{BD7443C9-5B15-413F-81B3-84A9F368CDA2}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oa2lef.exe |

"{BF56B477-4711-4FB2-B2DE-BF04E039BA6B}" = dir=in | app=c:\program files (x86)\orcad\tools\capture\sch2cap.exe |

"{C1F93509-8092-4168-99EC-9EDAB2DD9EB2}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |

"{C3FBC55A-7671-419D-836A-7FFD1CC841A9}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdnshelp.exe |

"{C72A89F0-7E69-4D26-BD8E-7CD451673FCB}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\modeled.exe |

"{C773F98D-A152-47B7-B47D-0BA829F5F08C}" = dir=in | app=c:\program files (x86)\orcad\tools\dfii\bin\skill.exe |

"{C7E608BF-E724-4C56-ABE4-4DAEF63B6164}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\moc.exe |

"{C92CDA39-C4AC-4187-A04D-8651F570F0AF}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\xmlpatterns.exe |

"{CCB80690-65CA-4D33-95A3-26A02C703ECF}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\lrelease.exe |

"{CE218769-A66F-4FA3-A832-009C5C64C405}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\clsbd.exe |

"{CF017E9F-1DCB-44A6-B194-6738FCCD8260}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema\powercinema.exe |

"{CF7EAAAB-8151-44E9-A730-8925F68951DC}" = dir=in | app=c:\program files (x86)\orcad\tools\tcltk\8.4\bin\tclsh.exe |

"{D16C30D1-C1E0-4871-9E2D-C276F6309499}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\designer.exe |

"{D2FBF5DF-3137-48B0-9517-A74B9D35E134}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D32B1C6F-94A1-4F57-966B-82A404E78DD5}" = dir=in | app=c:\program files (x86)\orcad\tools\pspice\pspice.exe |

"{D3E02D3A-921E-45B9-9C1E-510F8515554C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{D4B3D7A3-3DD1-4909-81B9-EDA8481B396A}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\emsmkerror.exe |

"{D7D18BC8-9749-43D2-88C2-CA5732F0F128}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\nmp.exe |

"{D90355E3-E44F-48FD-ABF1-1C7932A98A30}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |

"{DA54A960-FE0F-4F7B-B1C4-A77C9A8BE52D}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsunzip.exe |

"{DD42F498-0386-44B6-B3EA-64D1AF859BB5}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\dumpcpp.exe |

"{DD9E3682-D3A5-4E4F-93AF-5BFCC4CA4B3B}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\qhelpconverter.exe |

"{DEA30F1D-21F3-4296-B83A-7B9F8488165A}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs5.1 (64 bit)\photoshop.exe |

"{DF6E6FDE-F6DE-4865-A23A-82FD83C11D35}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |

"{E137C8E2-00F7-4B9C-8BC9-FFD5FD4EAF57}" = dir=in | app=c:\program files (x86)\orcad\tools\cdnshelp\bin\_cdnshelp.exe |

"{E1AFD3A2-6414-41F1-9B71-E74938E1BED3}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oa2strm.exe |

"{E4202A72-1E44-4D64-94EC-8B7D0FA32B62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E7AF9A58-5C17-4CC1-83E2-BD379EA7A319}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\sipdiffviewer.exe |

"{E7EDBE25-58C4-44DA-8602-C7DD1D9F79B8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{EA3B65E4-EE01-4FD4-A225-75C853B95EA0}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\qtdemo.exe |

"{EBC7E016-5010-4F19-B481-CC0B8BC0D7B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EF3AF915-4583-4865-A3EB-710E95CD2A58}" = dir=in | app=c:\program files (x86)\orcad\tools\tcltk\8.4\bin\wish84.exe |

"{F0D9C7B3-BA39-421C-8210-760434C23A43}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |

"{F11DD756-A57D-497F-A45E-07AC99A5C8C9}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\ktab.exe |

"{F31109F7-0F66-4E69-B8CA-66E5E36E09F4}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\dregprint.exe |

"{F37C068A-60C7-4AC6-A222-35F03C96B552}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsnameserver.exe |

"{F38A1BDC-603C-4FF8-86A7-137C68D3626D}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oa2def.exe |

"{F62FDCC0-98C5-4D8F-9F65-ECE00F2870D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F6AE55F1-62F8-48BF-9529-95E953729B10}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\cdsremote.exe |

"{F6CF5C4D-B1AA-4061-9C95-D0A467E8A3B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{F741E3A0-713A-40DF-9E20-4570A9F7DB3D}" = dir=in | app=c:\program files (x86)\orcad\tools\bin\regsvr32.exe |

"{F7549104-74BC-484C-99CF-881398826CB5}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oa2verilog.exe |

"{F75773B0-5C03-4364-B2C3-5EB86D83B698}" = dir=in | app=c:\program files (x86)\orcad\tools\jre\bin\unpack200.exe |

"{F82C9E17-BA2C-4C89-A3A1-DE7234BBB96D}" = dir=in | app=c:\program files (x86)\orcad\openaccess\bin\win32\opt\oagetversion.exe |

"{FA53A06E-C226-4BC1-AE6C-6CD2D572940E}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\assistant_adp.exe |

"{FAAB8D00-F602-4681-AB71-03EC5E7C5D8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{FACAA5B3-719F-4196-B267-45BB1B23CCF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{FCB0E5CC-34A0-4B24-A1ED-31CE6F3062D9}" = dir=in | app=c:\program files (x86)\orcad\tools\qt\bin\uic.exe |

"{FF8D8F2E-9A0B-46EC-A010-C44853E49C99}" = dir=in | app=c:\program files (x86)\orcad\tools\cdnshelp\bin\indexer.exe |

"{FF9CB8C3-2CD5-410F-81C4-4C0EB145ACC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"TCP Query User{23EF3298-34E9-4C09-AC5E-527C67B37915}D:\downloads\work\software\hercules_3-2-5.exe" = protocol=6 | dir=in | app=d:\downloads\work\software\hercules_3-2-5.exe |

"TCP Query User{53ABA3F8-01DB-4787-9114-FF629CB6A5FA}C:\program files (x86)\huawei\ensp\simserver\devices\lsw\s5700\ensp_switch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\huawei\ensp\simserver\devices\lsw\s5700\ensp_switch.exe |

"TCP Query User{76F68F1D-69F1-48AC-AAFF-3AC9B0B79A16}C:\program files (x86)\huawei\ensp\consoleserver\ensp_server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\huawei\ensp\consoleserver\ensp_server.exe |

"TCP Query User{7FDF57F3-0E5B-4AE3-A6F3-5EC5300ED72E}C:\temp\iperf.exe" = protocol=6 | dir=in | app=c:\temp\iperf.exe |

"TCP Query User{80C06B4A-43E9-45C4-892C-0C567C5C0377}C:\program files (x86)\huawei\ensp\tools\ip_capture.exe" = protocol=6 | dir=in | app=c:\program files (x86)\huawei\ensp\tools\ip_capture.exe |

"TCP Query User{BB697209-F4C1-4A59-883A-F58B94B15E51}C:\program files (x86)\huawei\ensp\ensp_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\huawei\ensp\ensp_client.exe |

"TCP Query User{E039700E-89BF-4016-B36D-A53ACC9142EF}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe |

"TCP Query User{E4BAE536-A89F-413C-B679-5F16E87F8DA8}C:\program files (x86)\huawei\ensp\simserver\ensp_simserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\huawei\ensp\simserver\ensp_simserver.exe |

"TCP Query User{EC16F9A9-B2E0-472F-8E81-711EB6296E48}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

"UDP Query User{178B7212-A6ED-48D7-9416-C5B7DA643A5B}D:\downloads\work\software\hercules_3-2-5.exe" = protocol=17 | dir=in | app=d:\downloads\work\software\hercules_3-2-5.exe |

"UDP Query User{19B91553-662B-45F6-82AB-0FE22123EF17}C:\temp\iperf.exe" = protocol=17 | dir=in | app=c:\temp\iperf.exe |

"UDP Query User{1CA1CFF0-CE36-4AF8-B59C-4A8725585A36}C:\program files (x86)\huawei\ensp\simserver\ensp_simserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\huawei\ensp\simserver\ensp_simserver.exe |

"UDP Query User{20336A78-B0D5-4C1C-83E7-05D44779FB68}C:\program files (x86)\huawei\ensp\tools\ip_capture.exe" = protocol=17 | dir=in | app=c:\program files (x86)\huawei\ensp\tools\ip_capture.exe |

"UDP Query User{40076003-D99C-4F4D-9AA6-B9F94F19AFE0}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe |

"UDP Query User{43BE4C3B-9CA2-46F2-9110-36E920AD8550}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

"UDP Query User{6607AF10-23CA-4F85-BA01-D971B4CFDF83}C:\program files (x86)\huawei\ensp\simserver\devices\lsw\s5700\ensp_switch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\huawei\ensp\simserver\devices\lsw\s5700\ensp_switch.exe |

"UDP Query User{8688D788-0E6D-4DF8-A423-2284889E010F}C:\program files (x86)\huawei\ensp\ensp_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\huawei\ensp\ensp_client.exe |

"UDP Query User{976C9726-D836-4203-B20C-E04C4ADFACF0}C:\program files (x86)\huawei\ensp\consoleserver\ensp_server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\huawei\ensp\consoleserver\ensp_server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)

"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C1DE303-E41B-44BA-8ABA-B7F09D857001}" = Oracle VM VirtualBox 4.2.12

"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)

"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{2486F47D-848C-4C46-ADD5-060984AAEE34}" = SolidWorks eDrawings 2012 x64 Edition SP04

"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)

"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)

"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)

"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)

"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)

"{43EBA222-8DF7-11E1-862B-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP04

"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

"{5655FAEA-76A3-4565-BEE2-55D796185D32}" = BlueSoleil 8.0.395.0

"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English

"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English

"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)

"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)

"{65DDB7D8-5E04-45DF-B60E-89557ED37ED2}" = SolidWorks Explorer 2012 SP04 x64 Edition

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)

"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit

"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0402-1000-0000000FF1CE}" = Microsoft Office Access MUI (Bulgarian) 2010

"{90140000-0015-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0402-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Bulgarian) 2010

"{90140000-0016-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0402-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Bulgarian) 2010

"{90140000-0018-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0402-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Bulgarian) 2010

"{90140000-0019-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0402-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Bulgarian) 2010

"{90140000-001A-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0402-1000-0000000FF1CE}" = Microsoft Office Word MUI (Bulgarian) 2010

"{90140000-001B-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0402-1000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010

"{90140000-001F-0402-1000-0000000FF1CE}_Office14.PROPLUS_{23918A57-2F6C-4540-A9E6-C30BB47D5717}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010

"{90140000-001F-0419-1000-0000000FF1CE}_Office14.PROPLUS_{0441704C-1789-4294-8DA5-7C85D54EDB3E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0402-1000-0000000FF1CE}" = Microsoft Office Proofing (Bulgarian) 2010

"{90140000-002C-0402-1000-0000000FF1CE}_Office14.PROPLUS_{4C201492-B928-4677-9EE4-DE7A904D45FF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0402-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Bulgarian) 2010

"{90140000-0043-0402-1000-0000000FF1CE}_Office14.PROPLUS_{B962B285-6F42-4DF0-8B34-4D1DBFFE7B24}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0402-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Bulgarian) 2010

"{90140000-0044-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0402-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Bulgarian) 2010

"{90140000-006E-0402-1000-0000000FF1CE}_Office14.PROPLUS_{6D03505D-3156-4ED5-AE30-847B53C73476}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0402-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Bulgarian) 2010

"{90140000-00A1-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0402-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Bulgarian) 2010

"{90140000-00BA-0402-1000-0000000FF1CE}_Office14.PROPLUS_{9427343A-1F58-4144-A232-FDE5C66041D8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM

"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)

"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)

"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)

"{EB9400D5-6289-4F9F-9B79-B3528101C0C7}" = SolidWorks Flow Simulation 2012 SP04 x64 Edition

"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension

"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013

"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013

"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

"AC967F932E5CED753E796B096F6960AF02F11028" = Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (09/17/2009 5.2009.0917.0)

"AutoCAD 2013 - English" = AutoCAD 2013 - English

"AutoCAD 2013 - English SP1.1" = AutoCAD 2013 - English SP1.1

"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013

"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013

"AutopanoGiga3.0" = Kolor Autopano Giga 3.0

"CCleaner" = CCleaner

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)

"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.4.2 (64-bit)

"Matlab R2012a" = MATLAB R2012a

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"OptiPerformer_is1" = OptiPerformer 11.0 (x64)

"Optiwave Shared Components (x64)_is1" = Optiwave Shared Components 2.0.6.1 (x64)

"PhotomatixPro42x64_is1" = Photomatix Pro version 4.2.4

"WinRAR archiver" = WinRAR 4.20 (64-битова версия)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media

"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09AB0B35-9138-4765-900C-28FC4011058E}" = OrCAD 16.5 Lite

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)

"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013

"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6

"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic

"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic

"{2CC16A33-04AA-429D-9458-36CCF01815DC}_is1" = eNSP V1.0.213

"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer

"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Земя

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{50E5043A-8D95-4807-8A31-026340DCEF01}" = EXFO ConnectorMax 2.3

"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM

"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)

"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013

"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service

"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ

"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail

"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83BF34DE-ABC6-4B6F-9F80-12F66025A709}" = CADSTAR 12.0

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video

"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express

"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite

"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}" = Nero 12

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player

"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter

"{AC76BA86-1048-8780-7760-000000000005}" = Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish

"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials

"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent

"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common

"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components

"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C80BDD3C-CE98-4FD2-A5D6-B1AA37287749}" = Castle Link

"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic

"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0F4163F-6A2D-48BA-BC36-23C33B0ECDB5}" = calibre

"{F11000CE-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)

"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.50

"AMCap" = AMCap

"Autodesk Content Service" = Autodesk Content Service

"avast" = avast! Internet Security

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3

"D.M.A.C. Guide To Trimming Fixed Wing Model Aircraft" = D.M.A.C. Guide To Trimming Fixed Wing Model Aircraft

"DAEMON Tools Lite" = DAEMON Tools Lite

"DjVuLibre+DjView" = DjVuLibre+DjView

"Gaberoff Koral English Dictionary 2.0" = Gaberoff Koral English Dictionary 2.0

"Gaberoff Koral German Dictionary 2.0" = Gaberoff Koral German Dictionary 2.0

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema

"KeyboardTest_is1" = KeyboardTest V3.0

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.9.2

"LTspice IV" = LTspice IV

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 1.75.0.1300

"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU

"Mozilla Thunderbird 17.0.5 (x86 en-US)" = Mozilla Thunderbird 17.0.5 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia PC Suite" = Nokia PC Suite

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Profili 2 Professional" = Profili 2 Professional

"Scan Tailor" = Scan Tailor

"SolidWorks Installation Manager 20120-40400-1100-100" = SolidWorks 2012 x64 Edition SP04

"STDU Converter_is1" = STDU Converter version 2.0.42.0

"TeamViewer 8" = TeamViewer 8

"Update Engine" = Sony Ericsson Update Engine

"uTorrent" = µTorrent

"VIVACOM 3G USB Modem" = VIVACOM 3G USB Modem

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"Wireshark" = Wireshark 1.8.1 (64-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2057118117-1669697715-985378483-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"29bd13940c568036" = TelepointERP

"Flux" = F.lux

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 24.4.2013 г. 09:44:43 | Computer Name = Dandanovi-PC | Source = WinMgmt | ID = 10

Description =

Error - 24.4.2013 г. 18:48:04 | Computer Name = Dandanovi-PC | Source = Application Hang | ID = 1002

Description = The program Acrobat.exe version 10.1.5.33 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 18c4 Start

Time: 01ce413d88d36950 Termination Time: 7 Application Path: C:\Program Files (x86)\Adobe\Acrobat

10.0\Acrobat\Acrobat.exe Report Id: f54fcf61-ad30-11e2-bc87-6cf04992a841

Error - 26.4.2013 г. 13:32:58 | Computer Name = Dandanovi-PC | Source = WinMgmt | ID = 10

Description =

Error - 27.4.2013 г. 06:52:55 | Computer Name = Dandanovi-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 27.4.2013 г. 06:53:12 | Computer Name = Dandanovi-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Connect.Service.ContentService.exe, version:

3.0.84.0, time stamp: 0x4f344200 Faulting module name: KERNELBASE.dll, version:

6.1.7601.18015, time stamp: 0x50b83c8a Exception code: 0xe0434352 Fault offset: 0x0000c41f

Faulting

process id: 0x5fc Faulting application start time: 0x01ce43355a6485a0 Faulting application

path: C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

Faulting

module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: a71f6f40-af28-11e2-addb-6cf04992a841

Error - 27.4.2013 г. 06:55:05 | Computer Name = Dandanovi-PC | Source = WinMgmt | ID = 10

Description =

Error - 27.4.2013 г. 08:42:14 | Computer Name = Dandanovi-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Photoshop.exe, version: 12.1.0.0, time

stamp: 0x4d90d339 Faulting module name: CoolType.dll, version: 5.7.83.12130, time

stamp: 0x4d077df9 Exception code: 0xc0000005 Fault offset: 0x0000000000143b52 Faulting

process id: 0xb40 Faulting application start time: 0x01ce434072ad48d0 Faulting application

path: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe Faulting

module path: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\CoolType.dll

Report

Id: e2dc0bb0-af37-11e2-addb-6cf04992a841

Error - 29.4.2013 г. 01:23:01 | Computer Name = Dandanovi-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 29.4.2013 г. 01:23:19 | Computer Name = Dandanovi-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Connect.Service.ContentService.exe, version:

3.0.84.0, time stamp: 0x4f344200 Faulting module name: KERNELBASE.dll, version:

6.1.7601.18015, time stamp: 0x50b83c8a Exception code: 0xe0434352 Fault offset: 0x0000c41f

Faulting

process id: 0x290 Faulting application start time: 0x01ce449998e09840 Faulting application

path: C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

Faulting

module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: e6608760-b08c-11e2-a14e-6cf04992a841

Error - 29.4.2013 г. 01:24:19 | Computer Name = Dandanovi-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 28.12.2012 г. 12:51:56 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk

Content Service service to connect.

Error - 28.12.2012 г. 12:51:56 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7000

Description = The Autodesk Content Service service failed to start due to the following

error: %%1053

Error - 28.12.2012 г. 12:52:21 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the VIVACOM

3G USB Modem. OUC service to connect.

Error - 28.12.2012 г. 12:52:21 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7000

Description = The VIVACOM 3G USB Modem. OUC service failed to start due to the following

error: %%1053

Error - 28.12.2012 г. 12:54:25 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 28.12.2012 г. 12:54:25 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 29.12.2012 г. 07:21:35 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk

Content Service service to connect.

Error - 29.12.2012 г. 07:21:35 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7000

Description = The Autodesk Content Service service failed to start due to the following

error: %%1053

Error - 29.12.2012 г. 07:21:58 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the VIVACOM

3G USB Modem. OUC service to connect.

Error - 29.12.2012 г. 07:21:58 | Computer Name = Dandanovi-PC | Source = Service Control Manager | ID = 7000

Description = The VIVACOM 3G USB Modem. OUC service failed to start due to the following

error: %%1053

< End of report >

Thank you very much for the help!


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2013.05.19 09:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Facebook Profile Viewer
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Hello again,

Sorry to post back with such a delay. So far the traces of the Profile Viewer seem to be gone. However, I think I also have the RECYCLER malware, but there was a thread on a Bulgarian forum which described removing it with Flash_Desinfector. I guess I might try that later.

Thank you again for the huge support!

Monitor your system until tomorrow and contact me again. If all goes well, I will give you the latest instructions on how to get rid of the tools we used.


Thank you again!

I clicked the CleanUp button, then rebooted as prompted. After Windows booted there were no other messages. Now there's no folder C:\_OTL\, so I guess the files are removed.

Have a nice day,

Nickolay

Glad I could help! :)

Please run OTL and click on the CleanUp button.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
