Infected with Olmarik.TDL4


  • This topic is locked
18 replies to this topic

#1 geozadetek

  • Members

Posted 13 September 2012 - 11:51 PM

Hi!
I have a big problem. My Nod32 finds:
13.9.2012 20:15:2 Startup scanner Win32/Olmarik.TDL4 trojan unable to clean

At the same time my icons from the desktop went away... When I go to My Computer it shows the correct disk occupancy, but when I try to open some directories, I get a message that the directory is empty. I turned my computer back a few days, and my icons are on the desktop again. :) BUT...
My external disk still has the same problem. I can format the disk (C and D partitions), but I'd rather not. On the external disk I have a lot of stuff I don't want to lose. When I click on a directory with music and choose Open in Winamp, I can listen to the music, but when I try to open the dir, I get a message that the dir is empty. And the trojan is still there. So I really need some help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Anze at 5:44:05 on 2012-09-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.4094.2620 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
d:\Programi\DRoster\Firebird\bin\fbguard.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Anze\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Users\Anze\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
d:\Programi\DRoster\Firebird\bin\fbserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.najdi.si/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Akamai NetSession Interface] "C:\Users\Anze\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Anze\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uQPiuYoYUryntvk.exe] C:\ProgramData\uQPiuYoYUryntvk.exe
uRun: [RdfRIukzofmFSy] C:\ProgramData\RdfRIukzofmFSy.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Anze\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2C482A74-669A-493B-8338-7E7D38628CC4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3E9EFD91-EDFF-4B9A-8A80-FAEA9BD2048F} : DhcpNameServer = 10.199.40.1
TCP: Interfaces\{604143E0-1F84-4456-A559-EBB923DE610C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B8D7FC96-AC26-4555-947A-577AB83965A8} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.si
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Anze\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Anze\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Anze\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Anze\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);C:\Windows\system32\Drivers\appdrv01.sys --> C:\Windows\system32\Drivers\appdrv01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2011-1-8 271408]
R2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-1-5 352304]
R2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\Programi\DRoster\Firebird\bin\fbguard.exe -s --> d:\Programi\DRoster\Firebird\bin\fbguard.exe -s [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 399432]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2011-9-28 2002728]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\Programi\DRoster\Firebird\bin\fbserver.exe -s --> d:\Programi\DRoster\Firebird\bin\fbserver.exe -s [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-5-8 11856]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\Windows\System32\appdrvrem01.exe svc --> C:\Windows\System32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Storitev Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-3 136176]
S2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-18 250056]
S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Igre\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-9-22 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-2-19 21712]
S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe [2011-1-8 54516]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-5 1030600]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-4-7 19544]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vmcam325av;CANYON USB PC Camera;C:\Windows\system32\Drivers\Vm323av64.sys --> C:\Windows\system32\Drivers\Vm323av64.sys [?]
S3 vvftav323;vvftav323;C:\Windows\system32\drivers\vvftav323.sys --> C:\Windows\system32\drivers\vvftav323.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-09-14 02:49:48 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC39AEE1-C905-417D-BE3B-F71FD81DEF2E}\mpengine.dll
2012-09-14 00:07:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-13 23:59:47 98816 ----a-w- C:\Windows\sed.exe
2012-09-13 23:59:47 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-13 23:59:47 256000 ----a-w- C:\Windows\PEV.exe
2012-09-13 23:59:47 208896 ----a-w- C:\Windows\MBR.exe
2012-09-13 23:58:31 -------- d-s---w- C:\ComboFix
2012-09-13 23:33:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-13 18:34:09 -------- d-----w- C:\Users\Anze\AppData\Roaming\Malwarebytes
2012-09-13 18:33:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-13 18:33:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-06 09:02:05 -------- d-----w- C:\Program Files (x86)\D'Accord_Music_Software
2012-08-30 12:09:07 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-30 10:12:44 8 ----a-w- C:\ProgramData\VYAAUFMZPWQQ.SYS
2012-08-19 23:02:12 -------- d-----w- C:\dsp_sps
2012-08-19 22:56:11 -------- d-----w- C:\Users\Anze\AppData\Local\SpacialAudio
2012-08-19 22:55:37 -------- d-----w- C:\Program Files (x86)\SAMCast
.
==================== Find3M ====================
.
2012-08-15 13:29:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 13:29:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-27 20:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-27 20:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-27 20:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-27 20:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-27 20:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-27 20:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-27 20:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
============= FINISH: 5:53:19,84 ===============
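As an added example (not part of the original post or of the DDS tool), the PowerShell below triages lines in the "Pseudo HJT Report" format that DDS prints: autostart entries pointing at loose executables with random-looking names, UAC policy values that remove the elevation prompt, and orphaned toolbar/BHO registrations. The sample lines are a constructed excerpt in that format, the function names are my own, and the mixed-case rule is a heuristic that produces leads to review, not verdicts.

```powershell
# Added triage example for DDS "Pseudo HJT Report" lines (not part of the DDS tool).
# Sample lines are constructed in the format DDS prints.
$SampleDdsLines = @(
    'uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe',
    'uRun: [uQPiuYoYUryntvk.exe] C:\ProgramData\uQPiuYoYUryntvk.exe',
    'uRun: [RdfRIukzofmFSy] C:\ProgramData\RdfRIukzofmFSy.exe',
    'mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"',
    'mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)',
    'mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)',
    'mPolicies-system: PromptOnSecureDesktop = 0 (0x0)',
    'TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File'
)

function Get-CaseSwitchCount {
    # Counts lower<->upper transitions between adjacent letters. Human-chosen
    # names ("WinampAgent") switch case once or twice; randomly generated
    # mixed-case names switch many times. Heuristic only.
    param([string]$Name)
    $letters = ($Name -replace '[^A-Za-z]', '').ToCharArray()
    $switches = 0
    for ($i = 1; $i -lt $letters.Length; $i++) {
        $prevUpper = [char]::IsUpper($letters[$i - 1])
        $curUpper  = [char]::IsUpper($letters[$i])
        if ($prevUpper -ne $curUpper) { $switches++ }
    }
    return $switches
}

function Test-DdsLine {
    # Returns an object with the line and the reasons it was flagged, or nothing.
    param([string]$Line)
    $reasons = @()

    # Autostart entries: uRun/mRun and their -x64 twins.
    if ($Line -match '^[um]Run(?:-x64)?: \[(?<name>[^\]]+)\]\s+"?(?<path>[A-Za-z]:\\.*?\.exe)"?') {
        $name = $Matches['name']
        $path = $Matches['path']
        # Legitimate software lives in its own subfolder; a bare .exe in the
        # root of ProgramData is unusual and worth a look.
        if ($path -match '^[A-Za-z]:\\ProgramData\\[^\\]+\.exe$') {
            $reasons += 'executable directly in ProgramData root'
        }
        if ((Get-CaseSwitchCount $name) -ge 4) {
            $reasons += 'random-looking mixed-case name (heuristic)'
        }
    }

    # UAC policy weakening: ConsentPromptBehaviorAdmin=0 means administrators
    # elevate with no prompt at all; PromptOnSecureDesktop=0 moves any prompt
    # off the secure desktop. Both are worth confirming with the machine's owner.
    if ($Line -match '^mPolicies-system: (?<key>\w+) = (?<val>\d+)') {
        $key = $Matches['key']
        $val = [int]$Matches['val']
        if ($key -eq 'ConsentPromptBehaviorAdmin' -and $val -eq 0) {
            $reasons += 'UAC: admins elevate without prompting'
        }
        if ($key -eq 'PromptOnSecureDesktop' -and $val -eq 0) {
            $reasons += 'UAC: prompts not shown on the secure desktop'
        }
    }

    # Toolbar/BHO registrations whose DLL is gone: leftovers to clean up.
    if ($Line -match '^(?:TB|BHO)(?:-X64)?: .* - No File$') {
        $reasons += 'orphaned browser extension registration'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ Line = $Line; Reasons = ($reasons -join '; ') }
    }
}

$SampleDdsLines | ForEach-Object { Test-DdsLine $_ } | Format-Table -Wrap -AutoSize
```

On the constructed sample this flags the two ProgramData entries, the two UAC lines and the "No File" toolbar, and leaves PeerBlock and WinampAgent alone.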

#2 geozadetek

  • Topic Starter
  • Members

Posted 14 September 2012 - 08:58 AM

I have found a solution for the external drive. The Trojan has changed the file attributes to hidden or system file.
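An added example, not the poster's own commands: PowerShell that lists every file and folder on an external drive carrying both the Hidden and System attributes (the combination Explorer suppresses even with "Show hidden files" enabled, which makes a full folder look empty) and, after a preview, clears just those two bits. The drive letter E:\, the function names and the exclusion list are assumptions.

```powershell
# Added example (not from the thread). Audits and optionally repairs files and
# folders whose Hidden+System attributes were set on an external drive.
# Assumptions: the external disk is E:\; the names below are ones Windows itself
# keeps Hidden+System on a data drive and are therefore left untouched.

$HiddenSystemMask = [int]([System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System)
$KnownSystemNames = @('System Volume Information', '$RECYCLE.BIN', 'desktop.ini', 'Thumbs.db')

function Get-HiddenSystemItem {
    # Lists every file and folder under $Root carrying BOTH Hidden and System.
    # Explorer treats such items as "protected operating system files" and hides
    # them even when "Show hidden files" is on, so the folder looks empty while
    # its contents still count toward disk usage and still open from Winamp.
    param([Parameter(Mandatory=$true)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (([int]$_.Attributes -band $HiddenSystemMask) -eq $HiddenSystemMask) -and
            ($KnownSystemNames -notcontains $_.Name)
        }
}

function Repair-HiddenSystemItem {
    # Clears only Hidden and System, keeping other attributes (ReadOnly, Archive).
    # Supports -WhatIf so the change can be previewed before anything is touched.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$Root)
    foreach ($item in Get-HiddenSystemItem -Root $Root) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden+System attributes')) {
            $cleared = [int]$item.Attributes -band (-bnot $HiddenSystemMask)
            $item.Attributes = [System.IO.FileAttributes]$cleared
        }
    }
}

# Usage: review the list first, then apply.
Get-HiddenSystemItem -Root 'E:\' | Select-Object FullName, Attributes
Repair-HiddenSystemItem -Root 'E:\' -WhatIf    # remove -WhatIf to apply
```

Run the audit before the repair: anything in the list that is not the owner's own data (for example an autorun.inf or an unfamiliar executable) belongs in the malware cleanup, not in the attribute fix.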

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 14 September 2012 - 04:47 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE RogueKiller to your Desktop, or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#4 geozadetek

  • Topic Starter
  • Members

Posted 15 September 2012 - 03:26 PM

Hi Gringo!

Here are my logs:
Security Check
Results of screen317's Security Check version 0.99.50
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware različica 1.65.0.1400
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 26
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Mozilla Thunderbird (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



-AdwCleaner-
# AdwCleaner v2.001 - Logfile created 09/15/2012 at 22:09:19
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Anze - ANZE-PC
# Boot Mode : Normal
# Running from : C:\Users\Anze\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Deleted on reboot : C:\Program Files (x86)\uTorrentBar
Deleted on reboot : C:\ProgramData\boost_interprocess
Deleted on reboot : C:\ProgramData\Trymedia
Deleted on reboot : C:\Users\Anze\AppData\Local\Babylon
Deleted on reboot : C:\Users\Anze\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Anze\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\Anze\AppData\LocalLow\myBabylon_English
Deleted on reboot : C:\Users\Anze\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\Anze\AppData\LocalLow\uTorrentBar
Deleted on reboot : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\Conduit
Deleted on reboot : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\ConduitCommon
Deleted on reboot : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\ConduitEngine
Deleted on reboot : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\CT2786678
Deleted on reboot : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Deleted on reboot : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\extensions\DTToolbar@toolbarnet.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\searchplugins\daemon-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\myBabylon_English
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78E9E24E-DE16-457D-B9BF-44CCEA6F5FC5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78E9E24E-DE16-457D-B9BF-44CCEA6F5FC5}
Key Deleted : HKLM\Software\myBabylon_English
Key Deleted : HKLM\Software\Orbit\OpenCandy
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9E24E-DE16-457D-B9BF-44CCEA6F5FC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{948105AA-7725-4560-A92A-812188392DC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC0D8DBF-33E4-4164-9C76-D972F612D7E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (sl)

Profile name : default
File : C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\prefs.js

C:\Users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "15-9-2012");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Sep 14 2012 01:17:29 GMT+0200");
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierLabelLength", 6);
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Wed Mar 09 2011 12:30:55 GMT+0100");
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 550);
Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Wed Mar 09 2011 12:17:15 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Wed Mar 09 2011 12:17:15 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Wed Mar 09 2011 12:17:14 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Wed Mar 09 2011 12:17:14 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Wed Mar 09 2011 12:17:14 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Wed Mar 09 2011 12:17:14 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Wed Mar 09 2011 12:17:14 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Wed Mar 09 2011 12:17:14 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Wed Mar 09 2011 12:17:15 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Wed Mar 09 2011 12:17:15 GMT+0100");
Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Wed Mar 09 2011 12:17:15 GMT+0100");
Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "20-12-2010");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Mon Dec 20 2010 19:04:47 GMT+0100");
Deleted : user_pref("CT2786678.InvalidateCache", false);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Sep 15 2012 21:42:46 GMT+0200");
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.12.2.3", "Mon May 28 2012 03:45:34 GMT+0200");
Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Wed Jul 18 2012 16:00:24 GMT+0200");
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Fri Aug 24 2012 04:03:02 GMT+0200");
Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Sat Sep 15 2012 21:42:46 GMT+0200");
Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Wed Mar 09 2011 10:10:45 GMT+0100");
Deleted : user_pref("CT2786678.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.RadioIsPodcast", false);
Deleted : user_pref("CT2786678.RadioLastCheckTime", "Tue Mar 08 2011 20:54:03 GMT+0100");
Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2786678.RadioMediaID", "hxxp://www.radiosalomon.si/salomon.m3u");
Deleted : user_pref("CT2786678.RadioMediaType", "Media Player");
Deleted : user_pref("CT2786678.RadioMenuSelectedID", "EBRadioMenu_CT2786678_RECENThxxp://www.radiosalomon.si/s[...]
Deleted : user_pref("CT2786678.RadioStationName", "Radio%20Salomon");
Deleted : user_pref("CT2786678.RadioStationURL", "hxxp://www.radiosalomon.si/salomon.m3u");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Sep 15 2012 21:42:45 GMT+0200");
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Sep 15 2012 21:42:45 GMT+0200");
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Sep 15 2012 21:42:45 GMT+0200");
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1347288122");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Feb 25 2011 19:31:31 GMT+0100");
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN76390503560232780");
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Wed Mar 09 2011 12:30:56 GMT+0100");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "5349");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752041756720313620323031322031313A35393A30312[...]
Deleted : user_pref("CT2786678.components.1000082", true);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Sep 15 2012 21:42:46 GMT+0200");
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon Dec 20 2010 19:04:49 GMT+0100");
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/SI", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/SI", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/914671/910466/SI", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"029[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 22 2011 20:26:21 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 03 2011 11:04:40 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jul 03 2011 11:00:59 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "658a6e66-aa6b-496d-b4f3-97d596d344b8");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 08 2011 20:54:03 GMT+0100");
Deleted : user_pref("CommunityToolbar.globalUserId", "a1120c6d-7107-4748-86e0-4fcece1a04f6");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.permanenceEngine", false);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Apr 07 2011 11:47:45 GMT+0200");
Deleted : user_pref("ConduitEngine.BrowserCompStateIsOpen_5145448138756314716", true);
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Mar 25 2011 20:26:17 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/14/2011 13");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Dec 20 2010 19:04:47 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 22 2011 20:26:15 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Mar 09 2011 10:10:46 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 22 2011 20:26:15 GMT+0100");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 191);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 22 2011 20:26:14 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN69905553011335328");
Deleted : user_pref("ConduitEngine.counterAppsAdded", 5);
Deleted : user_pref("ConduitEngine.counterAppsRemoved", 1);
Deleted : user_pref("ConduitEngine.engineLocale", "sl");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 22 2011 20:26:14 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Mar 25 2011 20:26:16 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Deleted : user_pref("browser.babylon.HPOnNewTab", "1");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Anze\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.61.1250.0

File : C:\Users\Anze\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Deleted : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [26045 octets] - [15/09/2012 22:08:43]
AdwCleaner[S1].txt - [25915 octets] - [15/09/2012 22:09:19]

########## EOF - C:\AdwCleaner[S1].txt - [25976 octets] ##########



--RogueKiller--
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Anze [Admin rights]
Mode : Remove -- Date : 09/15/2012 22:19:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 19 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 1a1ef7c51bc21ee064296253cab3de4a
[BSP] 82c70a551d1b956365c3991ea80f2203 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60290 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 123475593 | Size: 550173 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4979cb685ea2e40bd127f7c9454dd1ef
[BSP] 82c70a551d1b956365c3991ea80f2203 : Windows 7 MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60290 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 123475593 | Size: 550173 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1250232320 | Size: 10 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Thanks for helping!
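The RogueKiller MBR check above reads the partition table twice, once through the OS ("User") and once at a lower level ("LL2"), and the disagreement, together with the 10 MB hidden-type partition that carries the active flag in slot 2, is the Root.MBR / TDL4 bootkit signature. As an added example that is not part of this thread or of the RogueKiller tool, the following Python builds two constructed 512-byte MBR images laid out like the report and flags those same indicators; every function and constant name here is an assumption.

```python
"""Compare two views of a disk's MBR and flag TDL4-style bootkit indicators.

Constructed example: USER_VIEW is what the running OS reports (two NTFS
partitions, the first one active); LOWLEVEL_VIEW is what a read that bypasses
the filtered disk driver returns (a third, tiny, hidden-type partition marked
active at the end of the disk). Offsets and sizes mirror the RogueKiller
report above; the boot code bytes are a made-up stub.
"""
import hashlib
import struct

SECTOR = 512
MB = 1024 * 1024
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}   # "hidden" FAT/NTFS type codes


def build_mbr(entries, bootcode=b"\x33\xc0\x8e\xd0\xbc\x00\x7c"):
    """Assemble a 512-byte MBR from (active, type, start_lba, sectors) tuples (constructed)."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode   # fake boot code so both views share the same [BSP] hash
    for i, (active, ptype, start, count) in enumerate(entries):
        # CHS fields are irrelevant to modern loaders; left as zeros.
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(data):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(data) != SECTOR or data[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a valid 0x55AA signature")
    table = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, data, 446 + 16 * i)
        if ptype == 0:               # empty slot
            continue
        table.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start": start, "sectors": count, "hidden": ptype in HIDDEN_TYPES})
    return table


def analyze(user_mbr, lowlevel_mbr, small_mb=64):
    """Cross-check the OS-visible MBR against the low-level read, as the tool's 'User != LL2' does."""
    user, low = parse_mbr(user_mbr), parse_mbr(lowlevel_mbr)
    f = {
        # Whole-sector hashes differ while the boot-code hash matches: only the table was altered.
        "mbr_hash_mismatch": hashlib.md5(user_mbr).hexdigest() != hashlib.md5(lowlevel_mbr).hexdigest(),
        "bootcode_hash_match": hashlib.md5(user_mbr[:446]).hexdigest() == hashlib.md5(lowlevel_mbr[:446]).hexdigest(),
        "entries_only_in_lowlevel": [],
        "hidden_active": [],
    }
    seen = {(e["start"], e["sectors"], e["type"]) for e in user}
    for e in low:
        if (e["start"], e["sectors"], e["type"]) not in seen:
            f["entries_only_in_lowlevel"].append(e["index"])   # partition the OS never shows
        if e["active"] and e["hidden"]:
            f["hidden_active"].append(e["index"])              # boot flag on a hidden-type partition
    # The active flag moved away from the Windows partition.
    f["active_moved"] = [e["index"] for e in user if e["active"]] != [e["index"] for e in low if e["active"]]
    # A tiny active partition placed after every ordinary partition is the bootkit's private store.
    ordinary_end = max((e["start"] + e["sectors"] for e in low if not e["hidden"]), default=0)
    f["tiny_active_past_others"] = [e["index"] for e in low
                                    if e["active"] and e["sectors"] * SECTOR <= small_mb * MB
                                    and e["start"] >= ordinary_end]
    f["suspicious"] = f["mbr_hash_mismatch"] and bool(f["hidden_active"] or f["entries_only_in_lowlevel"])
    return f


# Constructed sample data laid out like the report: sizes in MB, 2048 sectors per MB.
USER_VIEW = build_mbr([
    (True,  0x07, 63,         60290 * 2048),
    (False, 0x07, 123475593,  550173 * 2048),
])
LOWLEVEL_VIEW = build_mbr([
    (False, 0x07, 63,         60290 * 2048),
    (False, 0x07, 123475593,  550173 * 2048),
    (True,  0x17, 1250232320, 10 * 2048),        # hidden NTFS, active, 10 MB, past the data partitions
])

if __name__ == "__main__":
    for key, value in analyze(USER_VIEW, LOWLEVEL_VIEW).items():
        print(f"{key}: {value}")
```

On a clean disk both views parse identically and `suspicious` stays False; the same checks are what a reader should look for in the GParted screenshot requested below (an unexpected small partition with the boot flag at the end of the disk).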

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 September 2012 - 04:16 PM

Greetings

I need you to make a bootable USB and to make a screenshot for me. Follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions on how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives then click Okay.
I need you to take a screenshot of the window that opens up. To do this follow these instructions:

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive. Paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again. Boot back into Windows and send me the screen capture.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 September 2012 - 12:16 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#7 geozadetek

geozadetek
  • Topic Starter

  • Members
  • 8 posts

Posted 18 September 2012 - 05:15 PM

Hi!
Here is the screenshot from Puppy.
I hope that is ok...

Regards

Attached Files



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 September 2012 - 07:20 PM

Greetings


I want you to boot back into GParted and right click on the partition (SDA1), select manage flags, then select boot.

Exit out of GParted and save on your way out. Boot back into Windows and report back here.


NOTE** If you have trouble booting into Windows, then repeat the process for partition 2 (SDA2).

#9 geozadetek

geozadetek
  • Topic Starter

  • Members
  • 8 posts

Posted 19 September 2012 - 01:11 AM

Hi!

Do you need some logs, screenshots?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 AM

Posted 19 September 2012 - 01:24 AM

As long as you are booting fine, then for now we are good.



I want you to boot back into GParted, right click on the hidden partition (sda3) and select Delete.


Then report back here.


gringo
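The two GParted steps in this thread (set the boot flag on sda1, delete the hidden partition sda3) each change only the 64-byte partition table in the first sector of the disk. The script below is an added example for this page, not code from the thread, from GParted or from any tool named here: it parses a classic MBR, lists what a responder would check (which slot carries the 0x80 boot flag, whether any entry uses one of the standard "hidden" partition type ids, whether entries overlap) and applies the same two edits to an in-memory copy. The sample MBR is constructed for illustration; the type id 0x27 given to the third partition is an assumption for the sample and is not a claim about what the thread's malware actually wrote.

```python
"""Inspect and adjust a classic MBR partition table (added example, constructed data)."""
import struct
from dataclasses import dataclass

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries follow the boot code
ENTRY = "<B3sB3sII"         # status, CHS first, type, CHS last, LBA start, sector count
BOOT_FLAG = 0x80

# Partition type ids conventionally used for hidden partitions (standard MBR type list).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}


@dataclass
class Partition:
    index: int        # 1-based slot number; matches sdaN for primary partitions
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector0: bytes) -> list[Partition]:
    """Decode the four primary entries; empty slots are skipped."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with the 55 AA MBR signature")
    parts = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, sector0, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(slot + 1, status == BOOT_FLAG, ptype, lba, count))
    return parts


def findings(parts: list[Partition]) -> list[str]:
    """Observations a responder acts on: boot flag state, hidden types, overlapping entries."""
    notes = []
    flagged = [p for p in parts if p.bootable]
    if not flagged:
        notes.append("no partition carries the boot flag (0x80)")
    elif len(flagged) > 1:
        notes.append("more than one partition carries the boot flag")
    for p in parts:
        if p.type_id in HIDDEN_TYPES:
            notes.append(f"partition {p.index} uses hidden type 0x{p.type_id:02X}")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            notes.append(f"partitions {a.index} and {b.index} overlap")
    return notes


def set_boot_flag(sector0: bytes, index: int) -> bytes:
    """Copy with the boot flag on slot `index` only (what GParted's Manage Flags > boot does)."""
    buf = bytearray(sector0)
    for slot in range(4):
        buf[TABLE_OFFSET + 16 * slot] = BOOT_FLAG if slot + 1 == index else 0x00
    return bytes(buf)


def delete_partition(sector0: bytes, index: int) -> bytes:
    """Copy with slot `index` zeroed (GParted's Delete). The sectors themselves are untouched."""
    buf = bytearray(sector0)
    off = TABLE_OFFSET + 16 * (index - 1)
    buf[off:off + 16] = bytes(16)
    return bytes(buf)


def build_mbr(entries) -> bytes:
    """Assemble a sector 0 from (bootable, type, lba_start, sectors) tuples. Test data only."""
    buf = bytearray(SECTOR)
    for slot, (bootable, ptype, lba, count) in enumerate(entries[:4]):
        struct.pack_into(ENTRY, buf, TABLE_OFFSET + 16 * slot,
                         BOOT_FLAG if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


# Constructed sample resembling the thread's situation: sda1 (system reserved) has no
# boot flag and an extra small partition with a hidden type id sits at the tail of the disk.
SAMPLE_MBR = build_mbr([
    (False, 0x07, 2048, 204800),        # sda1: NTFS, 100 MiB
    (False, 0x07, 206848, 976545000),   # sda2: NTFS, rest of a 500 GB disk
    (False, 0x27, 976751848, 20000),    # sda3: small, hidden type (assumed value)
])


def repair(sector0: bytes) -> bytes:
    """Apply the thread's two GParted steps to an in-memory MBR copy."""
    return delete_partition(set_boot_flag(sector0, 1), 3)


if __name__ == "__main__":
    # On a live system the real sector comes from open("/dev/sda", "rb").read(512) (root needed);
    # review the reported findings and a byte diff before ever writing a modified sector back.
    for label, mbr in (("before", SAMPLE_MBR), ("after", repair(SAMPLE_MBR))):
        parts = parse_mbr(mbr)
        print(label, [(p.index, p.bootable, hex(p.type_id)) for p in parts], findings(parts) or "clean")
```

Run it as-is to see the constructed table before and after the two edits; point `parse_mbr` at a sector read from a disk image (or the raw device, read-only) to check a real machine the same way. Extended partitions (type 0x05/0x0F) are reported as a single entry here, so logical partitions inside them are not enumerated.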

#11 geozadetek

geozadetek
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:16 AM

Posted 19 September 2012 - 06:52 AM

hi!
All booting goes fine :)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 AM

Posted 19 September 2012 - 07:15 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 geozadetek

geozadetek
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:16 AM

Posted 19 September 2012 - 07:52 AM

Hi!

I don't have any problems when I run ComboFix, and the computer behaves OK.

Here is the log:

ComboFix 12-09-18.07 - Anze 19.09.2012 14:31:51.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.4094.2772 [GMT 2:00]
Running from: c:\users\Anze\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\RdfRIukzofmFSy
c:\users\Anze\AppData\Roaming\Access File\Worker
c:\users\Anze\AppData\Roaming\Access File\Worker\curllib.dll
c:\users\Anze\AppData\Roaming\Access File\Worker\gpl-2.0.txt
c:\users\Anze\AppData\Roaming\Access File\Worker\hstart.exe
c:\users\Anze\AppData\Roaming\Access File\Worker\kernels\poclbm\__init__.py
c:\users\Anze\AppData\Roaming\Access File\Worker\kernels\poclbm\BFIPatcher.py
c:\users\Anze\AppData\Roaming\Access File\Worker\kernels\poclbm\kernel.cl
c:\users\Anze\AppData\Roaming\Access File\Worker\libeay32.dll
c:\users\Anze\AppData\Roaming\Access File\Worker\libsasl.dll
c:\users\Anze\AppData\Roaming\Access File\Worker\license.txt
c:\users\Anze\AppData\Roaming\Access File\Worker\mscoree.dll
c:\users\Anze\AppData\Roaming\Access File\Worker\openldap.dll
c:\users\Anze\AppData\Roaming\Access File\Worker\phoenix.exe
c:\users\Anze\AppData\Roaming\Access File\Worker\ssleay32.dll
c:\users\Anze\AppData\Roaming\Access File\Worker\XXMKLINK.EXE
c:\users\Public\Documents\MSI87CB.tmp
c:\windows\PFRO.log
c:\windows\SysWow64\html
c:\windows\SysWow64\images
c:\windows\SysWow64\Temp
c:\windows\SysWow64\Temp\KSKD87SFDS
c:\windows\SysWow64\tmp29DD.tmp
c:\windows\SysWow64\tmp2CAB.tmp
c:\windows\SysWow64\tmpD05C.tmp
c:\windows\SysWow64\tmpD07C.tmp
c:\windows\SysWow64\tmpD3AB.tmp
c:\windows\SysWow64\tmpD3CB.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 12:38 . 2012-09-19 12:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 02:49 . 2012-08-27 23:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC39AEE1-C905-417D-BE3B-F71FD81DEF2E}\mpengine.dll
2012-09-13 23:33 . 2012-09-13 23:33 -------- d-----w- c:\program files (x86)\ESET
2012-09-13 18:34 . 2012-09-13 18:34 -------- d-----w- c:\users\Anze\AppData\Roaming\Malwarebytes
2012-09-13 18:33 . 2012-09-13 18:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-13 18:33 . 2012-09-13 18:33 -------- d-----w- c:\programdata\Malwarebytes
2012-09-06 09:02 . 2012-09-06 09:02 -------- d-----w- c:\program files (x86)\D'Accord_Music_Software
2012-08-30 12:09 . 2012-08-30 12:09 -------- d-----w- c:\programdata\ATI
2012-08-30 12:09 . 2012-08-30 12:09 -------- d-----w- c:\program files (x86)\AMD APP
2012-08-30 10:12 . 2012-09-04 07:18 8 ----a-w- c:\programdata\VYAAUFMZPWQQ.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-18 05:59 . 2009-07-13 23:28 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-08-19 23:34 . 2012-08-19 23:34 62269 ----a-w- C:\report.zip
2012-08-15 13:29 . 2012-05-18 20:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 13:29 . 2011-11-17 07:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 20:47 . 2012-07-27 20:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2010-09-22 19:19 230448 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 2101848]
"Akamai NetSession Interface"="c:\users\Anze\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Facebook Update"="c:\users\Anze\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-10-20 74752]
"ACPW05EN"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-09-19 822384]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\users\Anze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-6-15 4142448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2010-10-15 326704]
R2 gupdate;Storitev Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\igre\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-02-19 21712]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2011-01-07 54516]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-05 1030600]
R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 vmcam325av;CANYON USB PC Camera;c:\windows\system32\Drivers\Vm323av64.sys [2007-03-27 163840]
R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-27 301824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 871408]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-12-27 21992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2011-01-07 271408]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2011-01-05 352304]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;d:\programi\DRoster\Firebird\bin\fbguard.exe [2009-10-05 65536]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-06 2002728]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 10857984]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 328704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;d:\programi\DRoster\Firebird\bin\fbserver.exe [2009-10-05 1532000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 13:29]
.
2012-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3622318069-2847649242-3785862918-1001Core.job
- c:\users\Anze\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-08 16:14]
.
2012-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3622318069-2847649242-3785862918-1001UA.job
- c:\users\Anze\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-08 16:14]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 14:50]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 14:50]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622318069-2847649242-3785862918-1001Core.job
- c:\users\Anze\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 14:50]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622318069-2847649242-3785862918-1001UA.job
- c:\users\Anze\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-18 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2010-09-22 19:19 284208 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-09-16 2715704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.najdi.si/
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anze\AppData\Roaming\Mozilla\Firefox\Profiles\cbjm9rkl.default\
FF - prefs.js: browser.startup.homepage - www.google.si
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Active WebCam - d:\programi\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-Defcon_is1 - d:\igre\Defcon\unins000.exe
AddRemove-FlatOut Ultimate Carnage - d:\igre\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-COBISS3 fppo - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"ShortlistDir"=""
"LangDB"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d52
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="5A-F4C5-2133"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.032"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.abr"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.amr"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ani"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.apd"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.arw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bay"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.bmp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bwf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cel"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.cr2"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.crw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.cs1"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cur"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcr"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcx"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.dib"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djv"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djvu"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.dng"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.emf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.eps"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.erf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.fff"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.flc"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fli"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.gif"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.hdr"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icl"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icn"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iw4"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2c"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.j2k"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jbr"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jfif"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jif"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.jp2"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.jpc"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.jpe"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.jpeg"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.jpg"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpk"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpx"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.kdc"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m15"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m1a"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m2a"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.m75"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.mef"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mos"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mpv"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.mrw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.nef"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.nrw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.orf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.pbm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbr"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.pcd"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pct"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.pcx"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.pef"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pic"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pics"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pict"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.png"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.psd"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.psp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspbrush"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.pspimage"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.qcp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.qtpf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.raf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.raw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.rle"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.rw2"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.rwl"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sdv"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sfil"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smi"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.smil"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sml"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.sr2"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.srf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.srw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.swa"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.tga"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.thm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.tif"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.tiff"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ttc"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ttf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ulw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.vfw"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.wbm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.wbmp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3622318069-2847649242-3785862918-1001)
"Progid"="ACDSee Pro 5.wmf"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xif"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_USERS\S-1-5-21-3622318069-2847649242-3785862918-1001_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@=hex:e4,88,4c,21,3c,34,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-19 14:40:16
ComboFix-quarantined-files.txt 2012-09-19 12:40
.
Pre-Run: 4.951.830.528 bytes free
Post-Run: 4.975.861.760 bytes free
.
- - End Of File - - 80263C9F1546F7A304898D217BEA1C77

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:16 AM

Posted 19 September 2012 - 12:46 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 geozadetek

geozadetek
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:16 AM

Posted 19 September 2012 - 03:37 PM

Hi!
Log from TDSSKiller:

19:53:37.0527 2636 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:53:38.0286 2636 ============================================================
19:53:38.0286 2636 Current date / time: 2012/09/19 19:53:38.0286
19:53:38.0286 2636 SystemInfo:
19:53:38.0286 2636
19:53:38.0286 2636 OS Version: 6.1.7600 ServicePack: 0.0
19:53:38.0286 2636 Product type: Workstation
19:53:38.0286 2636 ComputerName: ANZE-PC
19:53:38.0287 2636 UserName: Anze
19:53:38.0287 2636 Windows directory: C:\Windows
19:53:38.0287 2636 System windows directory: C:\Windows
19:53:38.0287 2636 Running under WOW64
19:53:38.0287 2636 Processor architecture: Intel x64
19:53:38.0287 2636 Number of processors: 2
19:53:38.0287 2636 Page size: 0x1000
19:53:38.0287 2636 Boot type: Normal boot
19:53:38.0287 2636 ============================================================
19:53:39.0400 2636 Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:53:39.0403 2636 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:53:39.0830 2636 ============================================================
19:53:39.0830 2636 \Device\Harddisk0\DR0:
19:53:39.0830 2636 MBR partitions:
19:53:39.0830 2636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x75C1647
19:53:39.0830 2636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75C1689, BlocksNum 0x4328EBE6
19:53:39.0830 2636 \Device\Harddisk1\DR1:
19:53:39.0831 2636 MBR partitions:
19:53:39.0831 2636 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:53:39.0831 2636 ============================================================
19:53:39.0842 2636 C: <-> \Device\Harddisk0\DR0\Partition1
19:53:39.0875 2636 D: <-> \Device\Harddisk0\DR0\Partition2
19:53:39.0929 2636 H: <-> \Device\Harddisk1\DR1\Partition1
19:53:39.0929 2636 ============================================================
19:53:39.0929 2636 Initialize success
19:53:39.0929 2636 ============================================================
19:54:10.0815 3508 ============================================================
19:54:10.0815 3508 Scan started
19:54:10.0815 3508 Mode: Manual;
19:54:10.0815 3508 ============================================================
19:54:11.0715 3508 ================ Scan system memory ========================
19:54:11.0715 3508 System memory - ok
19:54:11.0716 3508 ================ Scan services =============================
19:54:11.0840 3508 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:54:11.0866 3508 1394ohci - ok
19:54:11.0886 3508 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
19:54:11.0891 3508 ACPI - ok
19:54:11.0899 3508 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
19:54:11.0911 3508 AcpiPmi - ok
19:54:12.0010 3508 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:12.0013 3508 AdobeFlashPlayerUpdateSvc - ok
19:54:12.0029 3508 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:54:12.0063 3508 adp94xx - ok
19:54:12.0071 3508 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:54:12.0097 3508 adpahci - ok
19:54:12.0104 3508 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:54:12.0108 3508 adpu320 - ok
19:54:12.0130 3508 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:54:12.0131 3508 AeLookupSvc - ok
19:54:12.0153 3508 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
19:54:12.0158 3508 AFD - ok
19:54:12.0171 3508 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
19:54:12.0189 3508 agp440 - ok
19:54:12.0349 3508 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll
19:54:12.0350 3508 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:54:12.0374 3508 Akamai ( HiddenFile.Multi.Generic ) - warning
19:54:12.0374 3508 Akamai - detected HiddenFile.Multi.Generic (1)
19:54:12.0451 3508 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:54:12.0471 3508 ALG - ok
19:54:12.0485 3508 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
19:54:12.0500 3508 aliide - ok
19:54:12.0517 3508 [ 2AED9A422EA1574C7D7EF9359A417718 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:54:12.0521 3508 AMD External Events Utility - ok
19:54:12.0555 3508 AMD FUEL Service - ok
19:54:12.0562 3508 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
19:54:12.0575 3508 amdide - ok
19:54:12.0599 3508 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:54:12.0612 3508 amdiox64 - ok
19:54:12.0625 3508 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:54:12.0637 3508 AmdK8 - ok
19:54:12.0799 3508 [ BFA5E854959D5546D8834CA61F4AD075 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:54:12.0997 3508 amdkmdag - ok
19:54:13.0023 3508 [ 92D664FFFCD9E742FB25254F7F458D88 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:54:13.0049 3508 amdkmdap - ok
19:54:13.0060 3508 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:54:13.0075 3508 AmdPPM - ok
19:54:13.0092 3508 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
19:54:13.0105 3508 amdsata - ok
19:54:13.0112 3508 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:54:13.0136 3508 amdsbs - ok
19:54:13.0144 3508 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
19:54:13.0145 3508 amdxata - ok
19:54:13.0165 3508 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
19:54:13.0188 3508 AppID - ok
19:54:13.0206 3508 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:54:13.0208 3508 AppIDSvc - ok
19:54:13.0218 3508 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
19:54:13.0219 3508 Appinfo - ok
19:54:13.0255 3508 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:54:13.0259 3508 Apple Mobile Device - ok
19:54:13.0275 3508 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:54:13.0277 3508 AppMgmt - ok
19:54:13.0288 3508 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:54:13.0301 3508 arc - ok
19:54:13.0366 3508 [ 2E18F6A486330BC2C9C0172878799099 ] archlp C:\Windows\syswow64\drivers\archlp.sys
19:54:13.0380 3508 archlp - ok
19:54:13.0395 3508 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:54:13.0399 3508 arcsas - ok
19:54:13.0469 3508 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:54:13.0474 3508 aspnet_state - ok
19:54:13.0494 3508 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:13.0533 3508 AsyncMac - ok
19:54:13.0545 3508 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
19:54:13.0547 3508 atapi - ok
19:54:13.0597 3508 [ 36322190763845975E0D001E90687BF2 ] athur C:\Windows\system32\DRIVERS\athurx.sys
19:54:13.0630 3508 athur - ok
19:54:13.0672 3508 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:54:13.0681 3508 AtiHDAudioService - ok
19:54:13.0705 3508 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:54:13.0709 3508 AtiHdmiService - ok
19:54:13.0865 3508 [ BFA5E854959D5546D8834CA61F4AD075 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:54:13.0917 3508 atikmdag - ok
19:54:13.0944 3508 [ B07E6681D303A612680223C729B021E2 ] ATITool C:\Windows\system32\DRIVERS\ATITool64.sys
19:54:13.0956 3508 ATITool - ok
19:54:13.0987 3508 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
19:54:14.0003 3508 atksgt - ok
19:54:14.0035 3508 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:54:14.0042 3508 AudioEndpointBuilder - ok
19:54:14.0052 3508 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:54:14.0055 3508 AudioSrv - ok
19:54:14.0076 3508 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:54:14.0078 3508 AxInstSV - ok
19:54:14.0112 3508 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:54:14.0119 3508 b06bdrv - ok
19:54:14.0136 3508 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:54:14.0151 3508 b57nd60a - ok
19:54:14.0170 3508 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:54:14.0172 3508 BDESVC - ok
19:54:14.0192 3508 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:54:14.0194 3508 Beep - ok
19:54:14.0223 3508 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
19:54:14.0231 3508 BFE - ok
19:54:14.0264 3508 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
19:54:14.0275 3508 BITS - ok
19:54:14.0289 3508 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:54:14.0301 3508 blbdrive - ok
19:54:14.0346 3508 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:54:14.0350 3508 Bonjour Service - ok
19:54:14.0364 3508 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:54:14.0366 3508 bowser - ok
19:54:14.0375 3508 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:54:14.0377 3508 BrFiltLo - ok
19:54:14.0382 3508 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:54:14.0385 3508 BrFiltUp - ok
19:54:14.0419 3508 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:54:14.0431 3508 BridgeMP - ok
19:54:14.0442 3508 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
19:54:14.0444 3508 Browser - ok
19:54:14.0452 3508 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:54:14.0467 3508 Brserid - ok
19:54:14.0479 3508 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:54:14.0492 3508 BrSerWdm - ok
19:54:14.0506 3508 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:54:14.0519 3508 BrUsbMdm - ok
19:54:14.0527 3508 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:54:14.0529 3508 BrUsbSer - ok
19:54:14.0561 3508 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
19:54:14.0573 3508 BthEnum - ok
19:54:14.0584 3508 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:54:14.0597 3508 BTHMODEM - ok
19:54:14.0614 3508 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:54:14.0617 3508 BthPan - ok
19:54:14.0635 3508 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
19:54:14.0660 3508 BTHPORT - ok
19:54:14.0674 3508 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:54:14.0676 3508 bthserv - ok
19:54:14.0704 3508 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
19:54:14.0717 3508 BTHUSB - ok
19:54:14.0737 3508 catchme - ok
19:54:14.0753 3508 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:54:14.0755 3508 cdfs - ok
19:54:14.0780 3508 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:54:14.0795 3508 cdrom - ok
19:54:14.0820 3508 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
19:54:14.0822 3508 CertPropSvc - ok
19:54:14.0836 3508 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:54:14.0838 3508 circlass - ok
19:54:14.0855 3508 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:54:14.0859 3508 CLFS - ok
19:54:14.0906 3508 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:14.0916 3508 clr_optimization_v2.0.50727_32 - ok
19:54:14.0948 3508 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:54:14.0955 3508 clr_optimization_v2.0.50727_64 - ok
19:54:14.0999 3508 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:15.0009 3508 clr_optimization_v4.0.30319_32 - ok
19:54:15.0025 3508 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:54:15.0029 3508 clr_optimization_v4.0.30319_64 - ok
19:54:15.0051 3508 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:54:15.0070 3508 CmBatt - ok
19:54:15.0079 3508 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
19:54:15.0097 3508 cmdide - ok
19:54:23.0095 3508 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:54:23.0099 3508 SSDPSRV - ok
19:54:23.0106 3508 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:54:23.0110 3508 SstpSvc - ok
19:54:23.0118 3508 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:54:23.0120 3508 stexstor - ok
19:54:23.0152 3508 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
19:54:23.0161 3508 stisvc - ok
19:54:23.0166 3508 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
19:54:23.0168 3508 storflt - ok
19:54:23.0187 3508 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
19:54:23.0200 3508 storvsc - ok
19:54:23.0210 3508 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:54:23.0222 3508 swenum - ok
19:54:23.0299 3508 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:54:23.0312 3508 SwitchBoard - ok
19:54:23.0345 3508 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:54:23.0364 3508 swprv - ok
19:54:23.0425 3508 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
19:54:23.0461 3508 SysMain - ok
19:54:23.0475 3508 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:54:23.0480 3508 TabletInputService - ok
19:54:23.0515 3508 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
19:54:23.0519 3508 taphss - ok
19:54:23.0538 3508 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
19:54:23.0545 3508 TapiSrv - ok
19:54:23.0552 3508 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:54:23.0557 3508 TBS - ok
19:54:23.0595 3508 [ 90A2D722CF64D911879D6C4A4F802A4D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:54:23.0628 3508 Tcpip - ok
19:54:23.0660 3508 [ 90A2D722CF64D911879D6C4A4F802A4D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:54:23.0669 3508 TCPIP6 - ok
19:54:23.0683 3508 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:54:23.0686 3508 tcpipreg - ok
19:54:23.0693 3508 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:54:23.0705 3508 TDPIPE - ok
19:54:23.0720 3508 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:54:23.0729 3508 TDTCP - ok
19:54:23.0747 3508 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:54:23.0788 3508 tdx - ok
19:54:23.0852 3508 [ 960C1194DC43744C4851995F7DAF0552 ] TeamViewer5 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
19:54:23.0889 3508 TeamViewer5 - ok
19:54:23.0895 3508 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:54:23.0898 3508 TermDD - ok
19:54:23.0919 3508 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
19:54:23.0928 3508 TermService - ok
19:54:23.0940 3508 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:54:23.0943 3508 Themes - ok
19:54:23.0959 3508 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:54:23.0960 3508 THREADORDER - ok
19:54:23.0984 3508 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:54:23.0988 3508 TrkWks - ok
19:54:24.0025 3508 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:54:24.0032 3508 TrustedInstaller - ok
19:54:24.0053 3508 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:54:24.0058 3508 tssecsrv - ok
19:54:24.0142 3508 [ 8DD1F81749A966EA5A96CB2D89C9670C ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
19:54:24.0181 3508 TuneUp.UtilitiesSvc - ok
19:54:24.0205 3508 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
19:54:24.0207 3508 TuneUpUtilitiesDrv - ok
19:54:24.0238 3508 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:54:24.0256 3508 tunnel - ok
19:54:24.0268 3508 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:54:24.0282 3508 uagp35 - ok
19:54:24.0302 3508 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:54:24.0306 3508 udfs - ok
19:54:24.0320 3508 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:54:24.0324 3508 UI0Detect - ok
19:54:24.0338 3508 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
19:54:24.0352 3508 uliagpkx - ok
19:54:24.0363 3508 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:54:24.0376 3508 umbus - ok
19:54:24.0391 3508 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:54:24.0403 3508 UmPass - ok
19:54:24.0418 3508 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
19:54:24.0422 3508 UmRdpService - ok
19:54:24.0439 3508 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:54:24.0446 3508 upnphost - ok
19:54:24.0462 3508 [ CD03479F2DA26500B203ED075C146A7A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:54:24.0485 3508 USBAAPL64 - ok
19:54:24.0500 3508 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:54:24.0514 3508 usbccgp - ok
19:54:24.0532 3508 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
19:54:24.0535 3508 usbcir - ok
19:54:24.0546 3508 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:54:24.0548 3508 usbehci - ok
19:54:24.0564 3508 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:54:24.0580 3508 usbhub - ok
19:54:24.0590 3508 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:54:24.0603 3508 usbohci - ok
19:54:24.0626 3508 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:54:24.0638 3508 usbprint - ok
19:54:24.0650 3508 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:54:24.0664 3508 USBSTOR - ok
19:54:24.0672 3508 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:54:24.0675 3508 usbuhci - ok
19:54:24.0704 3508 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:54:24.0717 3508 usb_rndisx - ok
19:54:24.0729 3508 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:54:24.0731 3508 UxSms - ok
19:54:24.0755 3508 [ 1CA2321789A7188A36F376905DAF9C0A ] UxTuneUp C:\Windows\System32\uxtuneup.dll
19:54:24.0758 3508 UxTuneUp - ok
19:54:24.0768 3508 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
19:54:24.0770 3508 VaultSvc - ok
19:54:24.0791 3508 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
19:54:24.0814 3508 vdrvroot - ok
19:54:24.0875 3508 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
19:54:24.0956 3508 vds - ok
19:54:25.0027 3508 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:54:25.0032 3508 vga - ok
19:54:25.0054 3508 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:54:25.0092 3508 VgaSave - ok
19:54:25.0118 3508 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:54:25.0143 3508 vhdmp - ok
19:54:25.0154 3508 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
19:54:25.0171 3508 viaide - ok
19:54:25.0194 3508 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
19:54:25.0252 3508 vmbus - ok
19:54:25.0262 3508 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
19:54:25.0274 3508 VMBusHID - ok
19:54:25.0313 3508 [ 889DA89203B62949C228E5EC50CC3940 ] vmcam325av C:\Windows\system32\Drivers\Vm323av64.sys
19:54:25.0318 3508 vmcam325av - ok
19:54:25.0323 3508 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
19:54:25.0347 3508 volmgr - ok
19:54:25.0355 3508 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:54:25.0358 3508 volmgrx - ok
19:54:25.0374 3508 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
19:54:25.0411 3508 volsnap - ok
19:54:25.0422 3508 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:54:25.0437 3508 vsmraid - ok
19:54:25.0469 3508 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
19:54:25.0489 3508 VSS - ok
19:54:25.0508 3508 [ F3C1754C74167C1CAE6F7B5E946C117E ] vvftav323 C:\Windows\system32\drivers\vvftav323.sys
19:54:25.0513 3508 vvftav323 - ok
19:54:25.0527 3508 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:54:25.0540 3508 vwifibus - ok
19:54:25.0556 3508 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:54:25.0558 3508 vwififlt - ok
19:54:25.0586 3508 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:54:25.0598 3508 vwifimp - ok
19:54:25.0613 3508 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:54:25.0620 3508 W32Time - ok
19:54:25.0633 3508 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:54:25.0635 3508 WacomPen - ok
19:54:25.0651 3508 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:54:25.0665 3508 WANARP - ok
19:54:25.0670 3508 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:54:25.0672 3508 Wanarpv6 - ok
19:54:25.0702 3508 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
19:54:25.0725 3508 wbengine - ok
19:54:25.0741 3508 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:54:25.0747 3508 WbioSrvc - ok
19:54:25.0772 3508 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
19:54:25.0778 3508 WcesComm - ok
19:54:25.0799 3508 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:54:25.0806 3508 wcncsvc - ok
19:54:25.0822 3508 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:54:25.0825 3508 WcsPlugInService - ok
19:54:25.0842 3508 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:54:25.0844 3508 Wd - ok
19:54:25.0864 3508 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:54:25.0871 3508 Wdf01000 - ok
19:54:25.0886 3508 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:54:25.0889 3508 WdiServiceHost - ok
19:54:25.0893 3508 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:54:25.0896 3508 WdiSystemHost - ok
19:54:25.0911 3508 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
19:54:25.0917 3508 WebClient - ok
19:54:25.0932 3508 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:54:25.0938 3508 Wecsvc - ok
19:54:25.0951 3508 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:54:25.0954 3508 wercplsupport - ok
19:54:25.0979 3508 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:54:25.0981 3508 WerSvc - ok
19:54:25.0995 3508 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:54:26.0007 3508 WfpLwf - ok
19:54:26.0021 3508 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:54:26.0034 3508 WIMMount - ok
19:54:26.0056 3508 WinDefend - ok
19:54:26.0064 3508 WinHttpAutoProxySvc - ok
19:54:26.0117 3508 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:54:26.0121 3508 Winmgmt - ok
19:54:26.0183 3508 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
19:54:26.0247 3508 WinRM - ok
19:54:26.0298 3508 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:54:26.0321 3508 WinUsb - ok
19:54:26.0347 3508 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:54:26.0359 3508 Wlansvc - ok
19:54:26.0477 3508 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:54:26.0506 3508 wlidsvc - ok
19:54:26.0524 3508 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:54:26.0536 3508 WmiAcpi - ok
19:54:26.0555 3508 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:54:26.0559 3508 wmiApSrv - ok
19:54:26.0587 3508 WMPNetworkSvc - ok
19:54:26.0599 3508 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:54:26.0602 3508 WPCSvc - ok
19:54:26.0614 3508 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:54:26.0618 3508 WPDBusEnum - ok
19:54:26.0626 3508 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:54:26.0627 3508 ws2ifsl - ok
19:54:26.0642 3508 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:54:26.0646 3508 wscsvc - ok
19:54:26.0651 3508 WSearch - ok
19:54:26.0723 3508 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:54:26.0786 3508 wuauserv - ok
19:54:26.0799 3508 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:54:26.0814 3508 WudfPf - ok
19:54:26.0844 3508 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:54:26.0861 3508 WUDFRd - ok
19:54:26.0875 3508 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:54:26.0879 3508 wudfsvc - ok
19:54:26.0895 3508 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:54:26.0901 3508 WwanSvc - ok
19:54:26.0950 3508 ================ Scan global ===============================
19:54:26.0970 3508 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:54:26.0987 3508 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
19:54:26.0997 3508 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
19:54:27.0016 3508 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:54:27.0039 3508 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:54:27.0044 3508 [Global] - ok
19:54:27.0044 3508 ================ Scan MBR ==================================
19:54:27.0052 3508 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:54:27.0182 3508 \Device\Harddisk0\DR0 - ok
19:54:27.0187 3508 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:54:27.0194 3508 \Device\Harddisk1\DR1 - ok
19:54:27.0194 3508 ================ Scan VBR ==================================
19:54:27.0197 3508 [ 265541FB56E4A243BEA4E45033B09A9E ] \Device\Harddisk0\DR0\Partition1
19:54:27.0198 3508 \Device\Harddisk0\DR0\Partition1 - ok
19:54:27.0211 3508 [ 7D3D734BC36D8D0C8C5C026436D87D1A ] \Device\Harddisk0\DR0\Partition2
19:54:27.0213 3508 \Device\Harddisk0\DR0\Partition2 - ok
19:54:27.0217 3508 [ 794EE56BA8572BCC16DC5E14C9CCA2C6 ] \Device\Harddisk1\DR1\Partition1
19:54:27.0618 3508 \Device\Harddisk1\DR1\Partition1 - ok
19:54:27.0618 3508 ============================================================
19:54:27.0619 3508 Scan finished
19:54:27.0619 3508 ============================================================
19:54:27.0636 1280 Detected object count: 1
19:54:27.0636 1280 Actual detected object count: 1
19:56:36.0265 1280 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:56:36.0265 1280 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

And from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-19 20:02:10
-----------------------------
20:02:10.064 OS Version: Windows x64 6.1.7600
20:02:10.064 Number of processors: 2 586 0x6B02
20:02:10.065 ComputerName: ANZE-PC UserName: Anze
20:02:10.484 Initialize success
20:04:47.509 AVAST engine defs: 12091900
20:05:52.162 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6
20:05:52.168 Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610479MB BusType: 3
20:05:52.178 Disk 0 MBR read successfully
20:05:52.185 Disk 0 MBR scan
20:05:52.196 Disk 0 Windows 7 default MBR code
20:05:52.200 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60290 MB offset 63
20:05:52.220 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 550173 MB offset 123475593
20:05:52.249 Disk 0 scanning C:\Windows\system32\drivers
20:06:04.308 Service scanning
20:06:26.619 Modules scanning
20:06:26.628 Disk 0 trace - called modules:
20:06:26.637 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:06:26.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004918440]
20:06:26.650 3 CLASSPNP.SYS[fffff8800189343f] -> nt!IofCallDriver -> [0xfffffa80044a4520]
20:06:26.657 5 ACPI.sys[fffff88000f07781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-6[0xfffffa8004488060]
20:06:27.428 AVAST engine scan C:\Windows
20:06:38.649 AVAST engine scan C:\Windows\system32
20:10:22.383 AVAST engine scan C:\Windows\system32\drivers
20:10:40.115 AVAST engine scan C:\Users\Anze
20:21:41.699 AVAST engine scan C:\ProgramData
21:38:17.207 Disk 0 MBR has been saved successfully to "C:\Users\Anze\Desktop\MBR.dat"
21:38:17.217 The log file has been saved successfully to "C:\Users\Anze\Desktop\aswMBR.txt"