
Extremely stubborn Malware...


  • This topic is locked
23 replies to this topic

#1 korovjov


Posted 11 October 2014 - 05:09 AM

Hello, I have the same problem as another person (fespin5) who started a thread (Malware C:\ProgramData\Microsoft\Secure\Icons\temp), but there is no more activity in that thread, and I cannot reply in that thread.

The root problem seems to be connected with the path "C:\ProgramData\Microsoft\Secure\Icons\temp\"
 
Exe files keep getting detected with names like:
 
tmpAEA1.exe
tmpA660.exe
tmp1716.exe
tmp845E.exe
 
Also, a fake Adobe Flash Player updater popup appeared asking for an Adobe Flash Player update.
 
On system reboot, the problem seems to be solved: Malwarebytes, AVG and Avast show that the system is clean, but then the problem reoccurs. Recently, I cannot run my PC properly in safe mode (desktop icons do not show anymore). I've been trying a lot of things (Avast boot time scan, and several suggested programs) and I'm really desperate.
 
Any help would be highly appreciated. 

I ran the Farbar scan, with following results:
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by korovjov (administrator) on KOROVJOV-PC on 11-10-2014 11:42:47
Running from C:\Users\korovjov\Downloads
Loaded Profile: korovjov (Available profiles: korovjov)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: magyar (Magyarország)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\D-Link\DWA-123\ALPBCSVC.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-05] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1772277445-4011010567-3041638281-1000\...\Run: [Olrdics] => regsvr32.exe C:\Users\korovjov\AppData\Local\Olrdics\webapp-uninstaller.dll <===== ATTENTION
HKU\S-1-5-21-1772277445-4011010567-3041638281-1000\...\MountPoints2: {4bdde1c0-6a93-11e0-9a2d-6cf0497de6ed} - F:\Setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restartsdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID bejelentkezési segítség -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 84.2.46.1 84.2.44.1
Tcpip\..\Interfaces\{479859E5-A3B4-47C4-9FF9-74642A9BBC4D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9C23154A-ABD7-41AB-AAEF-A6E714616AD0}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A6D15746-4853-429B-811F-88F20005E462}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
 
&mid=07e53b2b54194e2992aac86854fa5551-61eadd4d372409aca854c37bfd877771a0cf5a49&lang=hu&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-09 11:53:30&v=3.2.0.15&pid=wtu&sg=&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\korovjov\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF SearchPlugin: C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-hu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sztaki-en-hu.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\vatera.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\avg@toolbar [2014-09-09]
FF Extension: German Dictionary - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-11]
FF Extension: British English Dictionary - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2012-01-26]
FF Extension: Conduit Engine  - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\engine@conduit.com [2011-05-02]
FF Extension: FoxLingo - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012-11-11]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2012-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [2012-05-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-05]
 
Chrome: 
=======
CHR HomePage: Default -> 93D53730E36B5CEF5836D1519F9AE4F1D796D43CA02A499695B49A3216C6DC92
CHR Profile: C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokumentumok) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-03]
CHR Extension: (Google Drive) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-03]
CHR Extension: (YouTube) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-03]
CHR Extension: (OpenSubtitles Utilities) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\bokkhpcjhfanbnpfgkjdcjfdfohdlbpf [2014-08-12]
CHR Extension: (Google-keresés) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-03]
CHR Extension: (BitTorrentBar) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid [2013-08-03]
CHR Extension: (Google Pénztárca) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-03]
CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-05]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-05] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 DWA-123_PBC_WPS; C:\Program Files (x86)\D-Link\DWA-123\ALPBCSVC.exe [61440 2010-08-16] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [X]
S2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2013-10-30] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-05] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-05] ()
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-09] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-17] (DT Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-05] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1534304 2010-11-09] (Ralink Technology Corp.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S2 zntport; C:\Windows\SysWOW64\zntport.sys [6080 2001-01-22] (Zeal SoftStudio) [File not signed]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 11:42 - 2014-10-11 11:43 - 00024947 _____ () C:\Users\korovjov\Downloads\FRST.txt
2014-10-11 11:42 - 2014-10-11 11:42 - 00000000 ____D () C:\FRST
2014-10-11 11:41 - 2014-10-11 11:41 - 02109952 _____ (Farbar) C:\Users\korovjov\Downloads\FRST64.exe
2014-10-07 09:19 - 2014-10-07 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-05 19:02 - 2014-10-05 19:02 - 00001174 _____ () C:\Users\korovjov\Desktop\nothreats.txt
2014-10-05 16:14 - 2014-10-05 16:14 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\AVAST Software
2014-10-05 16:10 - 2014-10-05 16:10 - 00001026 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-05 16:10 - 2014-10-05 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-05 16:09 - 2014-10-11 10:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-05 16:08 - 2014-10-05 16:09 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-05 16:08 - 2014-10-05 16:08 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-05 16:08 - 2014-10-05 16:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-05 16:08 - 2014-10-05 16:08 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-05 16:05 - 2014-10-05 16:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-05 16:04 - 2014-10-05 16:04 - 04862664 _____ (AVAST Software) C:\Users\korovjov\Downloads\avast_free_antivirus_setup_online.exe
2014-10-05 15:59 - 2014-10-05 15:59 - 00854436 _____ () C:\Users\korovjov\Downloads\SecurityCheck.exe
2014-10-05 14:43 - 2014-10-05 14:43 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-05 13:28 - 2014-10-05 13:28 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\korovjov\Desktop\tdsskiller.exe
2014-10-05 00:57 - 2014-10-05 00:57 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\korovjov\Downloads\rkill.exe
2014-10-05 00:57 - 2014-10-05 00:57 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\korovjov\Downloads\rkill (1).exe
2014-10-04 10:53 - 2014-10-04 10:54 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Toyzamni
2014-10-02 10:23 - 2014-10-02 10:23 - 00053248 _____ () C:\Users\korovjov\Downloads\Iskolapszihológusok volt eszközei.xls
2014-10-02 09:37 - 2014-10-02 09:37 - 00000359 _____ () C:\Users\korovjov\Desktop\Számítógép parancsikonja.lnk
2014-10-01 21:51 - 2013-04-01 23:12 - 00178176 _____ (Xerox Corporation) C:\Windows\system32\xrhkbzil.dll
2014-10-01 21:36 - 2014-10-01 21:36 - 00038400 _____ () C:\Users\korovjov\Downloads\Jelenléti_ív_Horváth_Julia_2014szeptember (1).xls
2014-10-01 21:28 - 2014-10-01 21:28 - 00038400 _____ () C:\Users\korovjov\Downloads\Jelenléti_ív_Horváth_Julia_2014szeptember.xls
2014-10-01 14:28 - 2014-10-01 21:24 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Zaexdeel
2014-09-30 22:29 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 22:29 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 21:00 - 2014-09-29 21:00 - 00038400 _____ () C:\Users\korovjov\Desktop\munkaido.xls
2014-09-29 15:23 - 2014-09-29 21:21 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-09-29 14:04 - 2014-09-29 14:04 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Faritou
2014-09-25 11:53 - 2014-09-25 11:53 - 00000000 ____D () C:\Windows\ERUNT
2014-09-24 20:31 - 2014-09-25 09:38 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Cilyyv
2014-09-23 23:44 - 2014-09-23 23:44 - 00274592 _____ () C:\Windows\Minidump\092314-38563-01.dmp
2014-09-23 22:40 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 22:40 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 18:27 - 2014-09-21 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-09-21 18:26 - 2014-09-21 18:26 - 02365840 _____ () C:\Users\korovjov\Downloads\SecurityTaskManager_Setup.exe
2014-09-21 18:01 - 2014-10-07 21:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-21 18:00 - 2014-10-09 22:06 - 00000000 ____D () C:\Users\korovjov\Desktop\mbar
2014-09-21 18:00 - 2014-09-21 18:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\korovjov\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-21 17:58 - 2014-09-21 17:58 - 14349744 _____ (Malwarebytes Corp.) C:\Users\korovjov\Downloads\mbar-1.07.0.1012.exe
2014-09-20 16:49 - 2014-09-20 16:49 - 00106716 _____ () C:\Users\korovjov\Downloads\Attachments_2014920.zip
2014-09-20 15:23 - 2014-09-20 15:23 - 00000000 ____D () C:\Windows\pss
2014-09-20 12:25 - 2014-09-21 18:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-20 12:25 - 2014-09-20 12:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-20 12:25 - 2014-09-20 12:25 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-20 12:25 - 2014-09-20 12:25 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-20 12:25 - 2014-09-20 12:25 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-20 12:25 - 2014-09-20 12:25 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-20 12:25 - 2014-09-20 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-20 12:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-20 12:23 - 2014-09-20 12:23 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\LavasoftStatistics
2014-09-20 12:23 - 2014-09-20 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-09-20 12:22 - 2014-09-20 12:22 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\korovjov\Downloads\spybot-2.4.exe
2014-09-20 12:22 - 2014-09-20 12:22 - 00000000 ____D () C:\Program Files\Lavasoft
2014-09-20 12:20 - 2014-09-20 12:20 - 02806920 _____ () C:\Users\korovjov\Downloads\Adaware_Installer.exe
2014-09-20 12:20 - 2014-09-20 12:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-09-20 12:20 - 2014-09-20 12:20 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-09-20 12:08 - 2014-09-20 12:17 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Wise Registry Cleaner
2014-09-20 12:08 - 2014-09-20 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-20 12:06 - 2014-09-20 12:06 - 02254336 _____ (WiseCleaner.com ) C:\Users\korovjov\Downloads\WRCFree.exe
2014-09-20 10:51 - 2014-09-20 10:51 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-20 10:51 - 2014-09-20 10:51 - 00000000 ____D () C:\sh4ldr
2014-09-20 10:51 - 2014-09-20 10:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-20 10:51 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-09-20 10:50 - 2014-09-20 10:50 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\korovjov\Downloads\SpyHunter-Installer (1).exe
2014-09-20 10:47 - 2014-09-20 10:47 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\korovjov\Downloads\SpyHunter-Installer.exe
2014-09-20 10:46 - 2014-09-20 10:47 - 06808688 _____ (ParetoLogic, Inc.) C:\Users\korovjov\Downloads\RegCureProSetup.exe
2014-09-20 10:46 - 2014-09-20 10:46 - 00001205 _____ () C:\Users\korovjov\Downloads\FixNCR.reg
2014-09-20 09:41 - 2014-09-20 09:41 - 00270352 _____ () C:\Windows\Minidump\092014-21808-01.dmp
2014-09-20 09:31 - 2014-09-20 09:31 - 01805736 _____ (Symantec Corporation) C:\Users\korovjov\Downloads\FixZeroAccess (1).exe
2014-09-20 09:25 - 2014-09-20 09:25 - 01805736 _____ (Symantec Corporation) C:\Users\korovjov\Downloads\FixZeroAccess.exe
2014-09-20 09:25 - 2014-09-20 09:25 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-09-20 08:24 - 2014-09-20 08:40 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Ishaewga
2014-09-20 08:24 - 2014-09-20 08:24 - 00003840 _____ () C:\Windows\System32\Tasks\Security Center Update - 1760769643
2014-09-19 19:15 - 2014-09-19 21:34 - 00008867 _____ () C:\Windows\system32\avgrep.txt
2014-09-18 07:49 - 2014-10-04 11:00 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-17 13:14 - 2014-10-11 10:33 - 00000000 ____D () C:\Users\korovjov\Desktop\Virus
2014-09-15 11:39 - 2014-09-17 13:50 - 00000617 _____ () C:\Users\korovjov\Desktop\Új szöveges dokumentum.txt
2014-09-13 20:46 - 2014-09-13 20:46 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-09-13 20:45 - 2014-09-13 20:45 - 01898640 _____ (Irfan Skiljan) C:\Users\korovjov\Downloads\iview438_setup.exe
2014-09-13 11:22 - 2014-09-13 11:22 - 01290240 _____ () C:\Users\korovjov\Downloads\Kovács_T_Szakdolgozat_1..ppt
2014-09-13 11:22 - 2014-09-13 11:22 - 01042432 _____ () C:\Users\korovjov\Downloads\Kovács_T_Szakdolgozat_2..ppt
2014-09-13 03:02 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 03:02 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 12:25 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 12:25 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 12:25 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 12:25 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 12:25 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 12:25 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 12:25 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 12:25 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 12:25 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 12:25 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 12:25 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 12:25 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 12:25 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 12:25 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 12:25 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 12:25 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 12:25 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 12:25 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 12:25 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 12:25 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 12:25 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 12:25 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 12:25 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 12:25 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 12:25 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 12:25 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 12:25 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 12:25 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 12:25 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 12:25 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 12:25 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 12:25 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 12:25 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 12:25 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 12:25 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 12:25 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 12:25 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 12:25 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 12:25 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 12:25 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 12:25 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 12:25 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 12:25 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 12:25 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 12:25 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 12:25 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 12:25 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 12:25 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 12:25 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 12:25 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 12:25 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 12:25 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 12:25 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 12:25 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 12:25 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 12:25 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 08:01 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 08:01 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 08:01 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 08:01 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 08:01 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 08:01 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 08:01 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 08:01 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 08:01 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 11:41 - 2013-08-03 00:15 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 11:41 - 2009-07-14 06:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 11:41 - 2009-07-14 06:45 - 00014592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 11:09 - 2014-08-04 23:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 11:07 - 2013-07-28 14:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 10:52 - 2012-02-18 04:48 - 00000000 ____D () C:\ProgramData\AVG2012
2014-10-11 10:38 - 2012-01-01 02:35 - 00001090 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1772277445-4011010567-3041638281-1000UA.job
2014-10-11 10:33 - 2014-09-09 11:43 - 00000000 ____D () C:\Users\korovjov\AppData\Local\YtjcPack
2014-10-11 10:29 - 2014-09-09 11:43 - 00000000 ____D () C:\Users\korovjov\AppData\Local\Olrdics
2014-10-11 10:29 - 2011-04-19 13:00 - 02069716 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 10:23 - 2011-04-27 09:40 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-10-11 10:19 - 2013-08-03 00:15 - 00001028 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 10:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 10:19 - 2009-07-14 06:51 - 00178310 _____ () C:\Windows\setupact.log
2014-10-10 07:32 - 2012-02-12 23:30 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\vlc
2014-10-08 23:01 - 2012-01-01 02:35 - 00001068 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1772277445-4011010567-3041638281-1000Core.job
2014-10-08 01:21 - 2011-04-20 18:40 - 00529216 _____ () C:\Windows\PFRO.log
2014-10-07 20:31 - 2014-08-04 23:34 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 20:26 - 2012-05-06 00:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 20:26 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-10-07 09:30 - 2012-02-12 23:30 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\dvdcss
2014-10-05 13:29 - 2009-07-14 14:46 - 04323810 _____ () C:\Windows\system32\perfh00E.dat
2014-10-05 13:29 - 2009-07-14 14:46 - 01409288 _____ () C:\Windows\system32\perfc00E.dat
2014-10-05 13:29 - 2009-07-14 07:13 - 00006658 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-01 12:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-29 16:22 - 2011-04-26 12:40 - 00001676 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\William Hill Poker.lnk
2014-09-28 03:10 - 2013-07-28 14:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-28 03:09 - 2013-03-21 11:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-28 03:09 - 2011-11-30 23:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-28 03:07 - 2014-09-10 20:35 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 10:48 - 2014-07-29 15:47 - 00000000 ____D () C:\Users\korovjov\Desktop\APPZ
2014-09-25 10:48 - 2012-04-22 00:07 - 00000000 ___RD () C:\Users\korovjov\Dropbox
2014-09-25 10:43 - 2012-04-21 15:21 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Dropbox
2014-09-25 09:46 - 2013-08-03 00:16 - 00002173 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 03:22 - 2012-04-21 15:22 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-23 23:44 - 2011-05-03 11:25 - 00000000 ____D () C:\Windows\Minidump
2014-09-23 23:43 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-09-22 14:54 - 2009-07-14 15:13 - 00000000 ____D () C:\Windows\ShellNew
2014-09-22 13:59 - 2011-04-19 15:52 - 00000000 ____D () C:\Windows\RaidTool
2014-09-21 16:18 - 2009-07-14 07:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 11:11 - 2011-10-01 08:39 - 00000132 _____ () C:\Users\korovjov\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-21 04:23 - 2011-04-30 18:52 - 00000000 ____D () C:\Users\korovjov\AppData\Local\CountAnything
2014-09-20 16:56 - 2011-04-19 20:42 - 00000000 ____D () C:\Users\korovjov\AppData\Local\Adobe
2014-09-19 22:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-18 22:03 - 2011-09-24 13:20 - 00000000 ____D () C:\Users\korovjov\Documents\Outlook Files
2014-09-18 20:09 - 2011-04-20 19:46 - 00000000 ____D () C:\Users\korovjov\AppData\Roaming\BitTorrent
2014-09-17 21:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-17 08:09 - 2014-06-28 17:28 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-17 08:09 - 2014-06-28 17:28 - 00001883 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-17 08:09 - 2014-06-28 17:28 - 00001760 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-16 20:23 - 2013-01-14 11:19 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-14 09:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-09-13 21:05 - 2012-03-05 22:54 - 00000132 _____ () C:\Users\korovjov\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-09-13 14:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-09-11 12:25 - 2011-04-21 09:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Some content of TEMP:
====================
C:\Users\korovjov\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp63k6n9.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 03:08
 
==================== End Of Log ============================
 
 
ADDITION:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by korovjov at 2014-10-11 11:43:52
Running from C:\Users\korovjov\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Cégnév) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{853A4763-6643-4604-8D64-28BDD8925F4C}) (Version: 1.5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.4031 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.15 - AVG Technologies)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
Botanicula (HKLM-x32\...\Botanicula_is1) (Version:  - GOG.com)
Broken Sword 2.5 (HKLM-x32\...\Broken Sword 2.5_is1) (Version:  - mindFactory)
Broken Sword 5 (HKLM-x32\...\Steam App 262940) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CountAnything (HKLM-x32\...\CountAnything_is1) (Version: 2.1 - Ginstrom IT Solutions (GITS))
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dear Esther (HKLM-x32\...\Dear Esther_is1) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)
DivX Pro 6.8.0 VFW (HKLM-x32\...\divx650vfw_is1) (Version: 6.8.0.14 - )
D-Link DWA-123 (HKLM-x32\...\{987A57F4-1190-4E40-ACDC-6FE2648EAF15}) (Version: 1.00.0000 - D-Link Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Architect Studio 5.0 (HKLM-x32\...\{42C509F1-C451-11E1-AEC9-F04DA23A5C58}) (Version: 5.0.161 - Sony)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Free PDF To Word Converter 1.6 (HKLM-x32\...\Free PDF To Word Converter_is1) (Version: 1.6 - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.0.320 - DVDVideoSoft Ltd.)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GenoPro 2.5.3.9 (HKLM-x32\...\GenoPro) (Version:  - GenoPro Inc.)
Gigabyte Raid Cinfigurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{18155797-EF2E-4699-9A16-FE787C4C10DB}) (Version: 10.2.2.14 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Kentucky Route Zero (HKLM-x32\...\Steam App 231200) (Version:  - Cardboard Computer)
Kentucky Route Zero Act I (HKLM-x32\...\Kentucky Act I) (Version: 3.5.6.44817 - Cardboard Computer)
Kentucky Route Zero Act III (HKLM-x32\...\{9A99DB29-F374-4D7C-99B6-D77877031667}_is1) (Version: 4.3.1 - Cardboard Computer)
K-Lite Codec Pack 7.1.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Malwarebytes Anti-Malware 2.0.2.1012 verzió (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HUN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET-keretrendszer 4.5.1 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0.3 (x86 hu) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 hu)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Skype Recorder (HKLM-x32\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nihilumbra (HKLM-x32\...\Nihilumbra_is1) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
R for Windows 2.15.2 (HKLM\...\R for Windows 2.15.2_is1) (Version: 2.15.2 - R Core Team)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5998 - Realtek Semiconductor Corp.)
Rocket French v2.0 (HKLM-x32\...\Rocket French_is1) (Version:  - Libros Media Ltd)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.4.0 (HKLM-x32\...\SopCast) (Version: 3.4.0 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SPSS Statistics 17.0 (HKLM-x32\...\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}) (Version: 17.0.0 - SPSS Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stop Motion Pro v4 (HKLM-x32\...\Stop Motion Pro v4_is1) (Version:  - Stop Motion Pro)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.81.101301 - SugarSync, Inc.)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
William Hill Poker (HKLM-x32\...\William Hill Poker) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wise Registry Cleaner 7.54 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Xvid 1.1.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Youtube Downloader HD v. 2.9.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1772277445-4011010567-3041638281-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-04-20 20:49 - 2014-10-04 11:00 - 00001397 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.195 www.google-analytics.com.
158.58.173.195 google-analytics.com.
158.58.173.195 connect.facebook.net.
212.47.195.163 www.google-analytics.com.
212.47.195.163 google-analytics.com.
212.47.195.163 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A005059-9970-4BFC-946E-8AD72EB2BFBD} - System32\Tasks\{56A85283-B476-4CA7-BDAE-2B90910F3CCE} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.111&amp;LastError=2
Task: {19DD06E0-E779-4D80-B07A-B47D58E7A709} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1772277445-4011010567-3041638281-1000Core => C:\Users\korovjov\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2C6E8114-D282-4093-8AF7-329A18F73AB5} - System32\Tasks\{D79D32E0-17AF-4691-8D22-E514FAE7C6A4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {422A8789-F3B1-44F4-8D96-342845DE451E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.)
Task: {5B619890-EB2C-4144-95B1-2730A3DBBDBE} - System32\Tasks\Security Center Update - 1760769643 => C:\Users\korovjov\AppData\Roaming\Ishaewga\riell.exe <==== ATTENTION
Task: {80C5DC83-9113-4266-A78F-BFC47920E1FB} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {A06A8162-4222-4610-AE66-8C328ECA0121} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-28] (Adobe Systems Incorporated)
Task: {B1B7F990-6C71-42F3-96E1-35585C1E9701} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-05] (AVAST Software)
Task: {B9370A37-DBDD-493E-84B3-8715D9880E2D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1772277445-4011010567-3041638281-1000UA => C:\Users\korovjov\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {E1C146DF-C799-4EA7-B7E5-7797C1D44E45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1772277445-4011010567-3041638281-1000Core.job => C:\Users\korovjov\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1772277445-4011010567-3041638281-1000UA.job => C:\Users\korovjov\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-09 11:43 - 2014-09-09 11:43 - 03140096 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-09 11:43 - 2014-09-09 11:43 - 02498560 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2011-04-27 09:40 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-30 23:31 - 2010-08-16 00:51 - 00061440 _____ () C:\Program Files (x86)\D-Link\DWA-123\ALPBCSVC.exe
2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
2014-10-05 16:08 - 2014-10-05 16:08 - 00301152 _____ () D:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-09 20:48 - 2014-10-09 20:48 - 02859008 _____ () D:\Program Files\AVAST Software\Avast\defs\14100901\algo.dll
2014-10-11 10:23 - 2014-10-11 10:23 - 02873856 _____ () D:\Program Files\AVAST Software\Avast\defs\14101100\algo.dll
2013-10-30 23:33 - 2013-10-30 23:33 - 00073728 _____ () C:\Program Files (x86)\D-Link\DWA-123\ANPDApi.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 00010240 _____ () D:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\hu_hu\acrotray.hun
2014-10-05 16:08 - 2014-10-05 16:08 - 19329904 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-20 12:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-20 12:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-20 12:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-04-19 15:52 - 2009-10-02 13:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-20 12:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-20 12:25 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-25 09:46 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 09:46 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 09:46 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 09:46 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 09:46 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 09:46 - 2014-09-23 06:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:689AB7E9
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\79809006.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84502521.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\79809006.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84502521.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^korovjov^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^at.lnk => C:\Windows\pss\at.lnk.Startup
MSCONFIG\startupfolder: C:^Users^korovjov^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^label.lnk => C:\Windows\pss\label.lnk.Startup
MSCONFIG\startupfolder: C:^Users^korovjov^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^korovjov^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^poqexec.lnk => C:\Windows\pss\poqexec.lnk.Startup
MSCONFIG\startupfolder: C:^Users^korovjov^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rasdial.lnk => C:\Windows\pss\rasdial.lnk.Startup
MSCONFIG\startupfolder: C:^Users^korovjov^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^regini.lnk => C:\Windows\pss\regini.lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\korovjov\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoldWord => D:\Program Files\GoldWord\gw.exe s
MSCONFIG\startupreg: iTunesHelper => "D:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
ASPNET (S-1-5-21-1772277445-4011010567-3041638281-1002 - Limited - Enabled)
korovjov (S-1-5-21-1772277445-4011010567-3041638281-1000 - Administrator - Enabled) => C:\Users\korovjov
Rendszergazda (S-1-5-21-1772277445-4011010567-3041638281-500 - Administrator - Disabled)
Vendég (S-1-5-21-1772277445-4011010567-3041638281-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2014 10:20:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/10/2014 07:01:05 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/10/2014 04:48:03 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/09/2014 08:45:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/09/2014 09:20:03 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/09/2014 05:35:57 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/08/2014 01:53:44 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Aktiválási környezet létrehozása sikertelen a következőhöz: "assemblyIdentity1". Hiba a(z) "assemblyIdentity2" jegyzék- vagy házirendfájl assemblyIdentity3. sorában.
A(z) "x64" érték (attribútum: "processorArchitecture", elem: "assemblyIdentity") érvénytelen.

Error: (10/08/2014 01:22:31 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/07/2014 10:04:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: A(z) mbam.exe program (verzió: 1.0.0.532) kommunikációja a Windows rendszerrel megszakadt, ezért a program leállt. A hibával kapcsolatos további információkért ellenőrizze a probléma előzményeit a Műveletközpont vezérlőpulton.

Folyamatazonosító: 1148

Kezdés: 01cfe25c98fe36a0

Befejezés: 2

Alkalmazás elérési útja: D:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbam.exe

Jelentés azonosítója: 129314a6-4e5d-11e4-a03f-6cf0497de6ed

Error: (10/07/2014 08:28:00 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (10/11/2014 10:20:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: A szolgáltatás (BlueStacks Android Service) leállt a következő hibával: 
%%1064
 
Error: (10/11/2014 10:20:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (NTPort Library Driver) a következő hiba következtében leállt: 
%%2
 
Error: (10/11/2014 10:20:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (vToolbarUpdater3.2.0) a következő hiba következtében leállt: 
%%2
 
Error: (10/11/2014 10:19:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (Spybot-S&D 2 Scanner Service) a következő hiba következtében leállt: 
%%1053
 
Error: (10/11/2014 10:19:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Letelt egy időkorlát (30000 ms) a(z) Spybot-S&D 2 Scanner Service szolgáltatás kapcsolódására való várakozás közben.
 
Error: (10/11/2014 10:19:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (JMB36X) a következő hiba következtében leállt: 
%%2
 
Error: (10/10/2014 07:01:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: A szolgáltatás (BlueStacks Android Service) leállt a következő hibával: 
%%1064
 
Error: (10/10/2014 07:01:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (NTPort Library Driver) a következő hiba következtében leállt: 
%%2
 
Error: (10/10/2014 07:00:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (vToolbarUpdater3.2.0) a következő hiba következtében leállt: 
%%2
 
Error: (10/10/2014 07:00:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (Spybot-S&D 2 Scanner Service) a következő hiba következtében leállt: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (10/11/2014 10:20:24 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/10/2014 07:01:05 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/10/2014 04:48:03 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/09/2014 08:45:28 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/09/2014 09:20:03 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/09/2014 05:35:57 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/08/2014 01:53:44 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dllc:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll9

Error: (10/08/2014 01:22:31 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/07/2014 10:04:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532114801cfe25c98fe36a02D:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbam.exe129314a6-4e5d-11e4-a03f-6cf0497de6ed

Error: (10/07/2014 08:28:00 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: A szolgáltatás nem indítható el. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   a következő helyen: BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   a következő helyen: System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-05 11:06:24.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:23.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:23.887
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:23.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:06.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:06.119
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:06.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:06:05.904
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:05:39.800
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-05 11:05:39.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 77%
Total physical RAM: 4091.49 MB
Available physical RAM: 921.99 MB
Total Pagefile: 8181.16 MB
Available Pagefile: 3567.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:4.4 GB) NTFS
Drive d: () (Fixed) (Total:1297.17 GB) (Free:551.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: E54A091F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1297.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by korovjov, 11 October 2014 - 05:41 AM.



#2 seedy21

  • Malware Response Team

Posted 11 October 2014 - 12:11 PM

Hi korovjov and Welcome to BleepingComputer !

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

  • Malware Response Team

Posted 11 October 2014 - 03:51 PM

Hello korovjov

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
 

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed.


Step 1
Multiple Antivirus Programs

You are running more than 1 Antivirus program!
avast! Antivirus
AVG Anti-Virus Free Edition 2012
Running - more than one - antivirus program is not recommended because:

  • They can conflict with each other.
  • Report the other antivirus software as malicious.
  • Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.

Can cause your computer to become unstable...run slowly and even, in rare cases, crash.

I strongly suggest you uninstall one of them. Which one, is your decision.

Step 2

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following Programs:-
    Ad-Aware Antivirus
    Bonjour
    Spybot - Search and Destroy
    SpyHunter
  • Close the Add/Remove Programs and Control Panel

Restart your computer


Step 3

Please download Defogger and save it to your Desktop.

 

  • Double click Defogger.exe to run the program.
    Note Windows Vista /7 should right click and Run As Administrator
  • Click on Disable and then Yes. The Scan may take a while to complete
  • When this has completed you will get a new window open with the Finished box, click Continue and Close Defogger Down


    Step 4

    Open notepad. Please copy the contents of the code box below.
    To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
    Save it on the Desktop as fixlist.txt

    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1772277445-4011010567-3041638281-1000\...\Run: [Olrdics] => regsvr32.exe C:\Users\korovjov\AppData\Local\Olrdics\webapp-uninstaller.dll <===== ATTENTION
    URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
    URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
    FF Extension: Conduit Engine  - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\engine@conduit.com [2011-05-02]
    CHR Extension: (BitTorrentBar) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid [2013-08-03]
    CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
    CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
    Task: {5B619890-EB2C-4144-95B1-2730A3DBBDBE} - System32\Tasks\Security Center Update - 1760769643 => C:\Users\korovjov\AppData\Roaming\Ishaewga\riell.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {80C5DC83-9113-4266-A78F-BFC47920E1FB} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
    AlternateDataStreams: C:\ProgramData\TEMP:689AB7E9
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
    C:\Users\korovjov\AppData\Local\Olrdics\
    C:\ProgramData\Spybot - Search & Destroy
    C:\Program Files (x86)\Spybot - Search & Destroy 2
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    C:\Windows\system32\sdnclean64.exe
    C:\Users\korovjov\Downloads\spybot-2.4.exe
    C:\Users\korovjov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    C:\sh4ldr
    C:\Program Files\Enigma Software Group
    C:\Windows\system32\Drivers\EsgScanner.sys
    C:\Users\korovjov\Downloads\SpyHunter-Installer (1).exe
    C:\Users\korovjov\Downloads\SpyHunter-Installer.exe
    C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    C:\Users\korovjov\AppData\Roaming\Wise Registry Cleaner
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
    C:\Users\korovjov\Downloads\WRCFree.exe
    C:\Users\korovjov\AppData\Local\YtjcPack
    C:\Users\korovjov\AppData\Local\Olrdics
    C:\Users\korovjov\AppData\Roaming\BitTorrent
    C:\Users\korovjov\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp63k6n9.dll
    C:\Users\korovjov\AppData\Roaming\Ishaewga\
    C:\ProgramData\Microsoft\Secure\Icons\temp\
    Hosts:
    EmptyTemp:
    
    Please move FRST64 to your DESKTOP !

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system
  • Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

     

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#4 korovjov

  • Topic Starter

  • Members

Posted 12 October 2014 - 01:14 AM

Hello, seedy21,

 

Thank you so much for the fast reply! I've completed the above steps (uninstalling AVG first). See the fixlog below.

 

A few other infos:

-I used Security task manager to disable a few suspicious processes.

-Some processes could not be disabled, and for example "dllhost" (COM surrogate) kept appearing-disappearing at random times. Now it's not there

-Now I haven't received any notifications about viruses since yesterday, but I've had optimistic days before, and then the problems reoccur, and several different viruses, malware/trojan agents start to show up again under different names (Hijack trojan, IDP trojan, etc.)

 

Ok, just thought to let you know.. So, I'm awaiting the next instructions :)

 

---

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
Ran by korovjov at 2014-10-12 07:53:54 Run:1
Running from C:\Users\korovjov\Desktop
Loaded Profile: korovjov (Available profiles: korovjov)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1772277445-4011010567-3041638281-1000\...\Run: [Olrdics] => regsvr32.exe C:\Users\korovjov\AppData\Local\Olrdics\webapp-uninstaller.dll <===== ATTENTION
URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
FF Extension: Conduit Engine  - C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\engine@conduit.com [2011-05-02]
CHR Extension: (BitTorrentBar) - C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid [2013-08-03]
CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
Task: {5B619890-EB2C-4144-95B1-2730A3DBBDBE} - System32\Tasks\Security Center Update - 1760769643 => C:\Users\korovjov\AppData\Roaming\Ishaewga\riell.exe <==== ATTENTION
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {80C5DC83-9113-4266-A78F-BFC47920E1FB} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
AlternateDataStreams: C:\ProgramData\TEMP:689AB7E9
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
C:\Users\korovjov\AppData\Local\Olrdics\
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
C:\Windows\system32\sdnclean64.exe
C:\Users\korovjov\Downloads\spybot-2.4.exe
C:\Users\korovjov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\sh4ldr
C:\Program Files\Enigma Software Group
C:\Windows\system32\Drivers\EsgScanner.sys
C:\Users\korovjov\Downloads\SpyHunter-Installer (1).exe
C:\Users\korovjov\Downloads\SpyHunter-Installer.exe
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
C:\Users\korovjov\AppData\Roaming\Wise Registry Cleaner
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
C:\Users\korovjov\Downloads\WRCFree.exe
C:\Users\korovjov\AppData\Local\YtjcPack
C:\Users\korovjov\AppData\Local\Olrdics
C:\Users\korovjov\AppData\Roaming\BitTorrent
C:\Users\korovjov\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp63k6n9.dll
C:\Users\korovjov\AppData\Roaming\Ishaewga\
C:\ProgramData\Microsoft\Secure\Icons\temp\
Hosts:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1772277445-4011010567-3041638281-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Olrdics => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
C:\Users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\Extensions\engine@conduit.com => Moved successfully.
C:\Users\korovjov\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
"C:\Users\korovjov\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B619890-EB2C-4144-95B1-2730A3DBBDBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B619890-EB2C-4144-95B1-2730A3DBBDBE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 1760769643 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1760769643" => Key deleted successfully.
C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => Moved successfully.
C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => Moved successfully.
C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80C5DC83-9113-4266-A78F-BFC47920E1FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C5DC83-9113-4266-A78F-BFC47920E1FB}" => Key deleted successfully.
C:\Windows\System32\Tasks\ROC_REG_JAN_DELETE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_REG_JAN_DELETE" => Key deleted successfully.
C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => Moved successfully.
C:\ProgramData\TEMP => ":689AB7E9" ADS removed successfully.
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully.
C:\Users\korovjov\AppData\Local\Olrdics => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => File/Directory not found.
"C:\Windows\system32\sdnclean64.exe" => File/Directory not found.
C:\Users\korovjov\Downloads\spybot-2.4.exe => Moved successfully.
"C:\Users\korovjov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => File/Directory not found.
"C:\sh4ldr" => File/Directory not found.
C:\Program Files\Enigma Software Group => Moved successfully.
"C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.
C:\Users\korovjov\Downloads\SpyHunter-Installer (1).exe => Moved successfully.
C:\Users\korovjov\Downloads\SpyHunter-Installer.exe => Moved successfully.
"C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job" => File/Directory not found.
"C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job" => File/Directory not found.
C:\Users\korovjov\AppData\Roaming\Wise Registry Cleaner => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner => Moved successfully.
C:\Users\korovjov\Downloads\WRCFree.exe => Moved successfully.
C:\Users\korovjov\AppData\Local\YtjcPack => Moved successfully.
"C:\Users\korovjov\AppData\Local\Olrdics" => File/Directory not found.
C:\Users\korovjov\AppData\Roaming\BitTorrent => Moved successfully.
C:\Users\korovjov\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp63k6n9.dll => Moved successfully.
C:\Users\korovjov\AppData\Roaming\Ishaewga => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#5 seedy21

  • Malware Response Team

Posted 12 October 2014 - 03:48 PM

Hi korovjov
 

Now I haven't received any notifications about viruses since yesterday, but I've had optimistic days before, and then the problems reoccur, and several different viruses, malware/trojan agents start to show up again under different names (Hijack trojan, IDP trojan, etc.)


Please let me know if your Anti-virus finds it again and also the Path of the Infected file.

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#6 korovjov

  • Topic Starter

Posted 12 October 2014 - 04:30 PM

Hi, seedy21,

 

Thank you once more! The scan has just been completed, please find the log below. Not sure what to do now - should I delete the listed elements?

 

(Now that I see, the first path is pretty damn suspicious! SecureIcons Provider... The infected files had appeared in C:\ProgramData\Microsoft\Secure\Icons\temp earlier. However, I think I'll just leave things be until you reply. No new infections detected so far, although I haven't initiated an antivirus / Malwarebytes search since yesterday...)

 

---

 

RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : korovjov [Administrator]
Mode : Scan -- Date : 10/12/2014  23:27:24
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 24 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA}  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5} | DhcpNameServer : 84.2.44.1 84.2.46.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A6D15746-4853-429B-811F-88F20005E462} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5} | DhcpNameServer : 84.2.44.1 84.2.46.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A6D15746-4853-429B-811F-88F20005E462} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5} | DhcpNameServer : 84.2.44.1 84.2.46.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A6D15746-4853-429B-811F-88F20005E462} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1772277445-4011010567-3041638281-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1772277445-4011010567-3041638281-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] p5m7w0sb.default : DVDVideoSoft YouTube MP3 and Video Download [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] -> Found
[PUP][FIREFX:Addon] p5m7w0sb.default : AVG Web TuneUp [avg@toolbar] -> Found
[PUM.HomePage][FIREFX:Config] p5m7w0sb.default : user_pref("browser.startup.homepage", "https://mysearch.avg.com?cid={964C05CB-951F-4962-ABAD-D9E4291573BF}&mid=07e53b2b54194e2992aac86854fa5551-61eadd4d372409aca854c37bfd877771a0cf5a49&lang=hu&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-09 11:53:30&v=3.2.0.15&pid=wtu&sg=&sap=hp"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD154UI SCSI Disk Device +++++
--- User ---
[MBR] d0a6a3c201319a6e61798ee4ae7d9454
[BSP] 75246b137086d97a4f9e66aa4d916cf2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102400 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209922048 | Size: 1328297 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nem megfelelő funkció. )

Edited by korovjov, 12 October 2014 - 04:37 PM.


#7 korovjov

  • Topic Starter

Posted 12 October 2014 - 10:23 PM

Okay, so I left the RogueKiller window open, but in the meantime, ran a Malwarebytes Anti-Malware scan, which found a threat:

 

Trojan.Dorkbot.ED, C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmpFE99.exe, , [6412b45f6517dc5a32c78be71be6de22] - now in quarantine.

 

Just thought to let you know.

 

Cheers



#8 seedy21

  • Malware Response Team

Posted 13 October 2014 - 02:20 PM

Hi korovjov
 
Step 1
 

Fix with RogueKiller
 
Please re-run RogueKiller.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, make sure only the following are checked:

[PUP][FIREFX:Addon] p5m7w0sb.default : DVDVideoSoft YouTube MP3 and Video Download [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] -> Found
[PUP][FIREFX:Addon] p5m7w0sb.default : AVG Web TuneUp [avg@toolbar] -> Found
[PUM.HomePage][FIREFX:Config] p5m7w0sb.default : user_pref("browser.startup.homepage", "https://mysearch.avg.com?cid={964C05CB-951F-4962-ABAD-D9E4291573BF}&mid=07e53b2b54194e2992aac86854fa5551-61eadd4d372409aca854c37bfd877771a0cf5a49&lang=hu&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-09 11:53:30&v=3.2.0.15&pid=wtu&sg=&sap=hp"); -> Found

  • The Delete button will become available. Click it.
  • Removal process may take some time. Also your machine may be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.
 
 
Step 2
 
More information about installing and running ComboFix can be found HERE

Please download ComboFix from one of the following locations:

IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly.

  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any Updates, Please allow ComboFix to run them.
  • ComboFix will now disconnect your computer from the Internet and start scanning for malware, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished, it will automatically restore your Internet connection. Please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.
  • If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

Please include the contents of C:\ComboFix.txt in your next reply.

Please Enable your Anti-virus Software again !!

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.




#9 korovjov

  • Topic Starter

Posted 14 October 2014 - 05:14 AM

Hello, seedy21,

 

Done, please find the log below. But I also have to confess: In your previous post, you instructed me to delete only the given few elements (which I did afterwards) - But since until yesterday I hadn't received a reply from you, and I had to power off the PC, I deleted all the suspicious registry keys and paths listed by RogueKiller in my previous post. I did not want to leave it that way... I don't know if it's a really bad thing or not - my system is working (although the infection remained up until now (more files have been detected, and the dllhost process was active again yesterday)).

 

It is strange, that sometimes the system seems to be clean and quiet and then these processes become active again, and avast is signalling threats and new infected files, such as:

 

C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2727.exe
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7A47.exe
 
Also, in this current ComboFix log, there are a few suspicious things for me regarding Adobe Flash Player (e.g.: 2014-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 01:09]). Just a reminder: once I received constant FlashPlayerUpdate pop-up windows, which were obviously manipulated (the other user reported the same).
 
Anyways, here are the two logs.
 
**********From RogueKiller:**********
RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : korovjov [Administrator]
Mode : Scan -- Date : 10/14/2014  06:29:28
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A6D15746-4853-429B-811F-88F20005E462} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A6D15746-4853-429B-811F-88F20005E462} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A6D15746-4853-429B-811F-88F20005E462} | DhcpNameServer : 84.2.46.1 84.2.44.1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] p5m7w0sb.default : DVDVideoSoft YouTube MP3 and Video Download [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] -> Found
[PUP][FIREFX:Addon] p5m7w0sb.default : AVG Web TuneUp [avg@toolbar] -> Found
[PUM.HomePage][FIREFX:Config] p5m7w0sb.default : user_pref("browser.startup.homepage", "https://mysearch.avg.com?cid={964C05CB-951F-4962-ABAD-D9E4291573BF}&mid=07e53b2b54194e2992aac86854fa5551-61eadd4d372409aca854c37bfd877771a0cf5a49&lang=hu&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-09 11:53:30&v=3.2.0.15&pid=wtu&sg=&sap=hp"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD154UI SCSI Disk Device +++++
--- User ---
[MBR] d0a6a3c201319a6e61798ee4ae7d9454
[BSP] 75246b137086d97a4f9e66aa4d916cf2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102400 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209922048 | Size: 1328297 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nem megfelelő funkció. )
 
 
============================================
RKreport_DEL_10132014_201845.log - RKreport_DEL_10132014_201918.log - RKreport_SCN_10122014_232724.log
 
 
 
 
****************From ComboFix:****************
ComboFix 14-10-13.01 - korovjov 014.10.14.  11:52:58.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1250.36.1038.18.4091.2596 [GMT 2:00]
Running from: c:\users\korovjov\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-14 to 2014-10-14  )))))))))))))))))))))))))))))))
.
.
2014-10-14 10:00 . 2014-10-14 10:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-14 04:23 . 2014-10-14 04:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B6C6E8E-E5DD-4C47-ACBD-58FCD2F02EB8}\offreg.dll
2014-10-13 02:00 . 2014-09-15 00:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B6C6E8E-E5DD-4C47-ACBD-58FCD2F02EB8}\mpengine.dll
2014-10-12 21:12 . 2014-10-14 04:21 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-12 21:12 . 2014-10-12 21:12 -------- d-----w- c:\programdata\RogueKiller
2014-10-12 16:13 . 2014-10-12 16:13 -------- d-----w- c:\users\korovjov\AppData\Roaming\DZED
2014-10-12 16:13 . 2014-10-12 16:13 -------- d-----w- c:\program files (x86)\Common Files\DZED
2014-10-12 12:57 . 2014-10-12 12:57 -------- d-----w- c:\users\korovjov\Dragonframe
2014-10-12 12:46 . 2014-10-12 12:46 -------- d-----w- c:\programdata\DZED
2014-10-12 05:44 . 2014-10-12 05:44 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-12 05:34 . 2014-10-12 05:34 -------- d-----w- c:\users\korovjov\AppData\Roaming\TuneUp Software
2014-10-11 09:42 . 2014-10-12 05:56 -------- d-----w- C:\FRST
2014-10-05 14:14 . 2014-10-05 14:14 -------- d-----w- c:\users\korovjov\AppData\Roaming\AVAST Software
2014-10-05 14:08 . 2014-10-05 14:08 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-05 14:08 . 2014-10-05 14:08 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-05 14:08 . 2014-10-05 14:08 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-05 14:08 . 2014-10-05 14:09 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-05 14:08 . 2014-10-05 14:08 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-05 14:08 . 2014-10-05 14:08 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-05 14:08 . 2014-10-05 14:08 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-05 14:08 . 2014-10-05 14:08 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-05 14:08 . 2014-10-05 14:08 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-05 14:08 . 2014-10-05 14:08 43152 ----a-w- c:\windows\avastSS.scr
2014-10-05 14:05 . 2014-10-05 14:06 -------- d-----w- c:\programdata\AVAST Software
2014-10-05 12:43 . 2014-10-05 12:43 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-04 08:53 . 2014-10-04 08:54 -------- d-----w- c:\users\korovjov\AppData\Roaming\Toyzamni
2014-10-01 19:51 . 2013-04-01 21:12 178176 ----a-w- c:\windows\system32\xrhkbzil.dll
2014-10-01 12:28 . 2014-10-01 19:24 -------- d-----w- c:\users\korovjov\AppData\Roaming\Zaexdeel
2014-09-30 20:29 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-30 20:29 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-29 14:22 . 2014-10-01 06:34 -------- d-----w- c:\program files (x86)\William Hill Poker
2014-09-29 13:23 . 2014-09-29 19:21 -------- d-----w- c:\programdata\SecTaskMan
2014-09-29 12:04 . 2014-09-29 12:04 -------- d-----w- c:\users\korovjov\AppData\Roaming\Faritou
2014-09-25 09:53 . 2014-09-25 09:53 -------- d-----w- c:\windows\ERUNT
2014-09-24 18:31 . 2014-09-25 07:38 -------- d-----w- c:\users\korovjov\AppData\Roaming\Cilyyv
2014-09-23 20:40 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-23 20:40 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-21 16:01 . 2014-10-07 19:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-20 10:23 . 2014-09-20 10:23 -------- d-----w- c:\users\korovjov\AppData\Roaming\LavasoftStatistics
2014-09-20 10:22 . 2014-09-20 10:22 -------- d-----w- c:\program files\Lavasoft
2014-09-20 10:20 . 2014-09-20 10:20 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-09-20 10:20 . 2014-09-20 10:20 -------- d-----w- c:\programdata\Lavasoft
2014-09-20 07:25 . 2014-09-20 07:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-13 18:57 . 2014-08-04 21:35 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-01 09:11 . 2014-08-04 21:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 09:11 . 2014-08-04 21:34 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 09:11 . 2014-01-05 07:33 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-28 01:09 . 2013-03-21 09:37 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-28 01:09 . 2011-11-30 21:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-28 01:07 . 2014-09-10 18:35 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-15 07:06 . 2011-04-19 14:02 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-09 09:51 . 2014-09-09 09:53 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-09-09 09:48 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 09:43 . 2014-09-09 09:43 2498560 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-09 09:43 . 2014-09-09 09:43 3140096 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-08-23 02:07 . 2014-08-28 15:00 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 15:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 15:00 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-19 18:05 . 2014-09-11 10:25 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-18 23:01 . 2014-09-11 10:25 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-08-18 22:29 . 2014-09-11 10:25 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 22:29 . 2014-09-11 10:25 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 22:20 . 2014-09-11 10:25 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-08-18 22:19 . 2014-09-11 10:25 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 22:15 . 2014-09-11 10:25 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 22:15 . 2014-09-11 10:25 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 22:14 . 2014-09-11 10:25 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 22:14 . 2014-09-11 10:25 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 22:08 . 2014-09-11 10:25 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-18 22:08 . 2014-09-11 10:25 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-18 22:08 . 2014-09-11 10:25 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-08-18 22:05 . 2014-09-11 10:25 596480 ----a-w- c:\windows\system32\ieui.dll
2014-08-18 22:03 . 2014-09-11 10:25 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 22:03 . 2014-09-11 10:25 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 22:03 . 2014-09-11 10:25 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:57 . 2014-09-11 10:25 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-18 21:56 . 2014-09-11 10:25 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:51 . 2014-09-11 10:25 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-18 21:46 . 2014-09-11 10:25 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 21:45 . 2014-09-11 10:25 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-18 21:45 . 2014-09-11 10:25 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:44 . 2014-09-11 10:25 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-11 10:25 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-08-18 21:40 . 2014-09-11 10:25 195584 ----a-w- c:\windows\system32\msrating.dll
2014-08-18 21:39 . 2014-09-11 10:25 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-18 21:38 . 2014-09-11 10:25 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-18 21:36 . 2014-09-11 10:25 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-08-18 21:35 . 2014-09-11 10:25 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-08-18 21:25 . 2014-09-11 10:25 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-18 21:25 . 2014-09-11 10:25 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-18 21:23 . 2014-09-11 10:25 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:23 . 2014-09-11 10:25 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 21:22 . 2014-09-11 10:25 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:16 . 2014-09-11 10:25 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-08-18 21:15 . 2014-09-11 10:25 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-08-18 21:08 . 2014-09-11 10:25 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-18 21:07 . 2014-09-11 10:25 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:55 . 2014-09-11 10:25 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-08-18 20:46 . 2014-09-11 10:25 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-18 20:38 . 2014-09-11 10:25 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-08-01 11:53 . 2014-09-11 06:01 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 06:01 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]
"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-05 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 DWA-123_PBC_WPS;DWA-123_PBC_WPS Service;c:\program files (x86)\D-Link\DWA-123\ALPBCSVC.exe;c:\program files (x86)\D-Link\DWA-123\ALPBCSVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:41 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 01:09]
.
2014-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 22:15]
.
2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 22:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-05 14:08 634872 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\korovjov\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 84.2.46.1 84.2.44.1
TCP: Interfaces\{479859E5-A3B4-47C4-9FF9-74642A9BBC4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{9C23154A-ABD7-41AB-AAEF-A6E714616AD0}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{A6D15746-4853-429B-811F-88F20005E462}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Wow6432Node-HKU-Default-RunOnce-Report - \AdwCleaner\AdwCleaner[S0].txt
SafeBoot-79809006.sys
SafeBoot-84502521.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-14  12:03:37
ComboFix-quarantined-files.txt  2014-10-14 10:03
.
Pre-Run: 3 491 041 280 bájt szabad
Post-Run: 3 443 429 376 bájt szabad
.
- - End Of File - - 775A59837875EE0E6642EEA8473E6C83
 

Edited by korovjov, 14 October 2014 - 05:17 AM.


#10 seedy21

  • Malware Response Team

Posted 15 October 2014 - 09:29 AM

Hi korovjov
 

I deleted all the suspicious registry keys and paths listed by Roguekiller in my previous post.


Please read what I posted and don't delete anything unless instructed by me. The programs we are running can flag up false positives.

Step 1

I would like you to post the following logs so I can see what was deleted with RogueKiller:

RKreport_DEL_10132014_201845.log
RKreport_DEL_10132014_201918.log


Step 2

Did you run Defogger as I asked? ComboFix is showing that DAEMON Tools is still running. This program has been known to interfere with some of the fixes we will run.

Please re-run Defogger before continuing.

Step 3
I assume you still have ComboFix on your system. If not, please download ComboFix from one of the following locations:
 

  • LINK 1
  • LINK 2

Please open Notepad (through Start Menu -> Accessories -> Notepad) and copy/paste this code into Notepad, exactly as it is (DON'T include the 'Quote:'):

    KILLALL::

    Driver::
    vToolbarUpdater3.2.0
    LavasoftAdAwareService11

    File::
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

    c:\windows\system32\drivers\FixZeroAccess.sys

    Folder::
    c:\users\korovjov\AppData\Roaming\Toyzamni
    c:\users\korovjov\AppData\Roaming\Zaexdeel
    c:\programdata\SecTaskMan
    c:\users\korovjov\AppData\Roaming\Faritou
    c:\users\korovjov\AppData\Roaming\Cilyyv
    C:\ProgramData\Microsoft\Secure\Icons
    c:\program files (x86)\Common Files\AVG Secure Search\
    c:\users\korovjov\AppData\Roaming\LavasoftStatistics
    c:\program files\Lavasoft
    c:\program files\Common Files\Lavasoft
    c:\programdata\Lavasoft


    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    JavaClearCache::

    Reboot::


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Make sure your Anti-Virus is disabled while we do this. You can disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, please read this.

CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When the scan has finished, it will execute the script and reboot your computer automatically. Don't reboot your computer manually, let ComboFix do it.

Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered. After a few minutes, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 4

Perform an Online Antivirus Scan with ESET:

Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website, because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon and selecting "Run as Administrator".

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.

When the scan is complete:

If no threats were found:

  • Check "Uninstall application on close"
  • Close program

If threats were found:

  • Select "list of threats found"
  • Select "Export to Text File" and save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish and exit the program
  • Copy and paste ESETScanLog.txt in your next reply


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#11 korovjov

  • Topic Starter

Posted 16 October 2014 - 07:28 PM

Hello, seedy21,

First of all, thank you for your patience and your support. I have maximum respect for you and for this forum.

1. Strange, but I cannot locate the logs you have requested. Maybe I haven't clicked the Report button when I deleted those paths/registry keys. I'm really sorry about that impulsive decision. I'm not sure if there is any way to retrieve/reproduce those logs. But I'm optimistic as the system is still running :)

2. Yes, I ran Defogger, but it was kinda strange... I received the "Finished" message, but both buttons (disable - re-enable) were still there. Now I have uninstalled DAEMON Tools, just to make sure... I also ran Defogger once more.

3. I ran the ComboFix script you posted. The log is too long, I guess - I can't send my post, I'll try to post that log separately.

4. When I right-clicked Internet Explorer to run it as administrator, a Lavasoft pop-up window appeared and started to install Ad-Aware. Not sure why that happened, I have downloaded Ad-Aware before when trying to look for a solution... However, I was able to click it and open it (without choosing "run as admin").

The scan has been completed, threats found and deleted/quarantined, see log at the bottom.

Question 1: Should I shut down my PC while waiting for your reply? Or is it better if I select Sleep Mode? Is it possible for malware/viruses to be active in sleep mode?

Question 2: A few days before, I noticed that two icons have appeared on my desktop: My Computer and My User folder (korovjov), which are NOT shortcuts (the My Computer shortcut from earlier is still there as well, however). I did not want to open any of them, but I don't know if I can delete them or how to remove/hide them. What do you think? How is this possible and what should I do with it?

Thanks a lot-lot-lot!

Cheers!


---ESET log---

 

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll.vir a variant of Win64/Sathurbot.A trojan cleaned by deleting - quarantined

C:\Users\korovjov\Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application deleted - quarantined

C:\Users\korovjov\Downloads\DVDStyler-2.7.2-win32 (1).exe Win32/Somoto.E potentially unwanted application deleted - quarantined

C:\Users\korovjov\Downloads\DVDStyler-2.7.2-win32.exe Win32/Somoto.E potentially unwanted application deleted - quarantined

C:\Users\korovjov\Downloads\DVDStyler-2.8b2-win32.exe Win32/Somoto.E potentially unwanted application deleted - quarantined

C:\Users\korovjov\Downloads\FFSetup3-3-5-0.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined

C:\Users\korovjov\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined

D:\Downloads\BrotherSoftExtreme_CT2776682.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined

D:\Downloads\cnet2_VSE-Setup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application deleted - quarantined

D:\Downloads\FreeStudio.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined

D:\Downloads\FreeYouTubeDownload.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined

D:\Downloads\wpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined



#12 korovjov

  • Topic Starter

Posted 16 October 2014 - 07:33 PM

Okay... it was still too long... so I cut a pretty repetitive part (left the first few and last few numberings; the rest in between was the same path with different numbers at the end before the extension).

 

---ComboFix log---

 

ComboFix 14-10-13.01 - korovjov 014.10.16.  23:19:55.2.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1250.36.1038.18.4091.2210 [GMT 2:00]

Running from: c:\users\korovjov\Desktop\ComboFix.exe

Command switches used :: c:\users\korovjov\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP"

"c:\windows\system32\drivers\FixZeroAccess.sys"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Common Files\Lavasoft

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\AdAwareIncompatibles.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\AdAwareThreatWorkAlliance.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\AdAwareUpdater.exe

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\AdAwareUpdaterDefaultSkin.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\AdAwareUpdaterKernel.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\AdAwareWebInstaller.exe

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_locale-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_program_options-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_regex-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_system-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_thread-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\boost_timer-vc100-mt-1_55.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\detection.xml

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\DllStorage.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\htmlayout.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\HtmlFramework.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\Localization.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\msvcp100.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\msvcr100.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\OEMUninstall.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\RCF.dll

c:\program files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.3.6321.0\Statistics.dll

c:\program files\Lavasoft

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareCommandLine.exe

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareCrashHandler.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDesktop.exe

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDesktopDefaultSkin.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareSecurityCenter.exe

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTrayDefaultSkin.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareUpdaterKernel.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\avcbd64.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\avccore.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\bdnimbus.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\bdpredir.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_locale-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_program_options-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\dbghelp64.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\dbokf.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\DllStorage.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\htmlayout.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\HtmlFramework.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\Localization.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\msvcp100.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\msvcr100.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\WSDNS.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\WSLib.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\WSPack.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\WSUtils.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\bdardrv.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\bdnc.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\bdnc.ini

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\bdquar.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\bdsmartdb.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\BDUpdateServiceCom.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\bdcore.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\7zip.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\access.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ace.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\adsntfs.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\aitok.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\alz.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ar.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\arc.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\arj.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\aspy_emu.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\auto.000

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\auto.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\auto.cvd.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\auto.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\autoit.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\avxdisk.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\bach.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\boot.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\bzip2.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cab.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.000

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.001

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.002

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.003

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.004

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.005

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.006

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.007

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.008

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.009

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.010

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.011

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.012

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.013

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.014

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.015

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cache.016

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\catdb

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ceva_dll.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ceva_emu.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ceva_vfs.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ceva_vfs.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv0

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv1

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv2

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv3

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv3.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv4

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv4.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv5

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv5.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv6

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv7

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv8

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv8.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rv9

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.rvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cevakrnl.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\chm.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cookie.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cookie.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cpio.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cran.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cran.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\cran.ivd.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\dalvik.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\dalvik.cvd.gzip

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\dalvik.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\dbx.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\disp.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\docfile.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\dummyarch.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\dummyscan.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i00

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i00.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i01

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i02

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i03

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i04

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i05

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i06

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i07

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i08

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i09

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i10

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i11

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i12

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i13

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i14

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i14.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i15

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i15.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i16

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i16.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i17

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i17.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i18

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i18.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i19

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i19.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i20

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i20.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i21

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i22

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i23

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i24

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i25

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i26

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i27

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i28

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i29

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i30

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i31

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i32

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i33

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i34

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i35

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i36

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i37

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i38

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i39

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i40

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i41

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i42

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i43

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i44

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i45

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i46

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i47

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i48

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.i49

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\e_spyw.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.000

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.000.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.001

............

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.598

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.599

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.c00

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.c01

.............

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.i99

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\emalware.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\engines.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\epoc.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\gvmscripts.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\gzip.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\ha.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\hlp.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\hpe.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\hqx.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\html.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\htmltok.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\htmltok.cvd.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\imp.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\inno.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\instyler.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\iso.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\java.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\java.cvd.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\java.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\jay.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\jpeg.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\jpeg.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\jpeg.xmd.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\krnl.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\lha.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\lib.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\lib.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\lib.rvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\lnk.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\lyme.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\machofat.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mbox.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mbx.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx.xmd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx.xmd.upd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx_97.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx_97.ivd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx_w95.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx_x95.cvd

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\definitions\loc1\Plugins\mdx_xf.cvd


c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\McAfee.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\MicroPoint.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Microsoft Security Essentials.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Mobile.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\netinteligence.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Norman.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Norton.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Panda.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\PC Tools.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Premium.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\QQ PC Manager.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\QuickHeal.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Rav.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\RP.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\ServerProtect.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Shield Deluxe.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Sophos.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Spybot.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\SunBelt.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\TinyFirewall.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Trend Micro.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Virus Security .xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Virus.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\Webroot.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\extern\ZoneAlarm.xml

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\OEMUninstall.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\scan.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\smartdb-ntfs.db

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\smartdbv2.dat

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\smartmd5.dat

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\smartmd5cache.dat

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\trufos.cat

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\trufos.dll

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\trufos.inf

c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\trufos.sys

c:\programdata\Lavasoft

c:\programdata\Lavasoft\Ad-Aware 11\Cache\ParentalControl.db

c:\programdata\Lavasoft\Ad-Aware 11\History\Scanner.db

c:\programdata\Lavasoft\Ad-Aware 11\Logs\20141015T184611.044482PID2680_AdAwareService.log

c:\programdata\Lavasoft\Ad-Aware 11\Logs\20141016T210227.190185PID2088_AdAwareService.log

c:\programdata\Lavasoft\Ad-Aware 11\Logs\avc_log_20141015T204723.599899.txt

c:\programdata\Lavasoft\Ad-Aware 11\Logs\avc_log_20141016T230253.663432.txt

c:\programdata\Lavasoft\Ad-Aware 11\Logs\avc_trace_20141015T204723.599899.txt

c:\programdata\Lavasoft\Ad-Aware 11\Logs\avc_trace_20141016T230253.663432.txt

c:\programdata\Lavasoft\Ad-Aware 11\Options\Application.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\Avc.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\DefinitionsUpdater.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\DefinitionsUpdaterScheduler.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\IgnoreList.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\NetworkProtection.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\Notice.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\NotificationCenter.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\ParentalControl.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\Partner.xml

c:\programdata\Lavasoft\Ad-Aware 11\Options\PinCode.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\Promo.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\Scanner.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\ScannerScheduler.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\ThreatWorkAlliance.db

c:\programdata\Lavasoft\Ad-Aware 11\Options\UpdateServer.xml

c:\programdata\Lavasoft\Ad-Aware 11\Options\WebProtection.db

c:\programdata\Microsoft\Secure\Icons

c:\programdata\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif

c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll

c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll

c:\programdata\SecTaskMan

c:\programdata\SecTaskMan\_entreelist.dll

c:\programdata\SecTaskMan\_enviewlist.dll

c:\programdata\SecTaskMan\_IAStorIcon6BB0581C

c:\programdata\SecTaskMan\_iexplore2DC90

c:\programdata\SecTaskMan\_iexplore2DC95CC4

c:\programdata\SecTaskMan\_ssv1CD57F5

c:\programdata\SecTaskMan\IAStorIcon.exe.q_Quarantine_442E581C_q

c:\programdata\SecTaskMan\IAStorIcon.exe.q_Quarantine_442E581C_q.ini

c:\programdata\SecTaskMan\iexplore.exe.q_Quarantine_19630_q.ini

c:\programdata\SecTaskMan\iexplore.exe.q_Quarantine_19635CC4_q

c:\programdata\SecTaskMan\iexplore.exe.q_Quarantine_19635CC4_q.ini

c:\users\korovjov\AppData\Roaming\Cilyyv

c:\users\korovjov\AppData\Roaming\Faritou

c:\users\korovjov\AppData\Roaming\LavasoftStatistics

c:\users\korovjov\AppData\Roaming\LavasoftStatistics\adaware.xml

c:\users\korovjov\AppData\Roaming\Toyzamni

c:\users\korovjov\AppData\Roaming\Zaexdeel

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_LavasoftAdAwareService11

-------\Service_vToolbarUpdater3.2.0

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-16 to 2014-10-16  )))))))))))))))))))))))))))))))

.

.

2014-10-16 21:32 . 2014-10-16 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-16 21:08 . 2014-10-16 21:08 -------- d-----w- c:\users\korovjov\AppData\Local\CrashDumps

2014-10-15 18:32 . 2014-08-19 03:11 693176 ----a-w- c:\windows\system32\winload.efi

2014-10-15 18:31 . 2014-09-19 02:25 23631360 ----a-w- c:\windows\system32\mshtml.dll

2014-10-15 18:30 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-15 18:30 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-15 18:09 . 2014-09-15 00:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{390BA4CC-87E3-4D1F-A020-99D634E29910}\mpengine.dll

2014-10-12 21:12 . 2014-10-15 18:09 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-10-12 21:12 . 2014-10-12 21:12 -------- d-----w- c:\programdata\RogueKiller

2014-10-12 16:13 . 2014-10-12 16:13 -------- d-----w- c:\users\korovjov\AppData\Roaming\DZED

2014-10-12 16:13 . 2014-10-12 16:13 -------- d-----w- c:\program files (x86)\Common Files\DZED

2014-10-12 12:46 . 2014-10-12 12:46 -------- d-----w- c:\programdata\DZED

2014-10-12 05:44 . 2014-10-12 05:44 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-10-12 05:34 . 2014-10-12 05:34 -------- d-----w- c:\users\korovjov\AppData\Roaming\TuneUp Software

2014-10-11 09:42 . 2014-10-12 05:56 -------- d-----w- C:\FRST

2014-10-05 14:14 . 2014-10-05 14:14 -------- d-----w- c:\users\korovjov\AppData\Roaming\AVAST Software

2014-10-05 14:08 . 2014-10-05 14:08 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-10-05 14:08 . 2014-10-05 14:08 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-10-05 14:08 . 2014-10-05 14:08 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-10-05 14:08 . 2014-10-05 14:09 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-10-05 14:08 . 2014-10-05 14:08 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-10-05 14:08 . 2014-10-05 14:08 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-10-05 14:08 . 2014-10-05 14:08 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-10-05 14:08 . 2014-10-05 14:08 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-10-05 14:08 . 2014-10-05 14:08 307344 ----a-w- c:\windows\system32\aswBoot.exe

2014-10-05 14:08 . 2014-10-05 14:08 43152 ----a-w- c:\windows\avastSS.scr

2014-10-05 14:05 . 2014-10-05 14:06 -------- d-----w- c:\programdata\AVAST Software

2014-10-05 12:43 . 2014-10-05 12:43 -------- d-----w- C:\TDSSKiller_Quarantine

2014-10-01 19:51 . 2013-04-01 21:12 178176 ----a-w- c:\windows\system32\xrhkbzil.dll

2014-09-30 20:29 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-09-30 20:29 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-29 14:22 . 2014-10-01 06:34 -------- d-----w- c:\program files (x86)\William Hill Poker

2014-09-25 09:53 . 2014-09-25 09:53 -------- d-----w- c:\windows\ERUNT

2014-09-23 20:40 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-23 20:40 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-09-21 16:01 . 2014-10-07 19:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-09-20 07:25 . 2014-09-20 07:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-13 18:57 . 2014-08-04 21:35 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-01 09:11 . 2014-08-04 21:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-01 09:11 . 2014-08-04 21:34 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-01 09:11 . 2014-01-05 07:33 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-09-28 01:09 . 2013-03-21 09:37 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-28 01:09 . 2011-11-30 21:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-28 01:07 . 2014-09-10 18:35 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-09-15 07:06 . 2011-04-19 14:02 278152 ------w- c:\windows\system32\MpSigStub.exe

2014-09-09 09:51 . 2014-09-09 09:53 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2014-09-09 09:48 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-08-23 02:07 . 2014-08-28 15:00 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 15:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-01 11:53 . 2014-09-11 06:01 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-11 06:01 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 131480 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]

"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]

"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-05 4085896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ    autocheck autochk *\0sdnclean64.exe

.

R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S2 DWA-123_PBC_WPS;DWA-123_PBC_WPS Service;c:\program files (x86)\D-Link\DWA-123\ALPBCSVC.exe;c:\program files (x86)\D-Link\DWA-123\ALPBCSVC.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-15 18:33 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 01:09]

.

2014-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 22:15]

.

2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 22:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-06-24 22:04 164760 ----a-w- c:\users\korovjov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-10-05 14:08 634872 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\korovjov\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 84.2.46.1 84.2.44.1

TCP: Interfaces\{479859E5-A3B4-47C4-9FF9-74642A9BBC4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{9C23154A-ABD7-41AB-AAEF-A6E714616AD0}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{A6D15746-4853-429B-811F-88F20005E462}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FF - ProfilePath - c:\users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

------------------------ Other Running Processes ------------------------

.

d:\program files\AVAST Software\Avast\AvastSvc.exe

.

**************************************************************************

.

Completion time: 2014-10-16  23:41:19 - machine was rebooted

ComboFix-quarantined-files.txt  2014-10-16 21:41

ComboFix2.txt  2014-10-14 10:03

.

Pre-Run: 2 702 295 040 bájt szabad

Post-Run: 2 479 968 256 bájt szabad

.

- - End Of File - - 99EC16CA4741D7EFF75383FB23C5081D



#13 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 19 October 2014 - 02:05 PM

Hi korovjov

 

Sorry for the delay on this!
 

Question 1: Should I shut down my PC while waiting for your reply? Or is it better if I select Sleep Mode? Is it possible for malware/viruses to be active in sleep mode?


I would suggest shutting the PC down.
 

Question 2: A few days before, I noticed that two icons have appeared on my desktop: My Computer and My User folder (korovjov), which are NOT shortcuts (the My Computer shortcut from earlier is still there as well, however). I did not want to open any of them, but I don't know if I can delete them or how to remove/hide them. What do you think? How is this possible and what should I do with it?


Combofix would have told me if there were new folders placed on your desktop. Are you sure they are not shortcuts?

I assume you still have ComboFix on your system. If not, please download Combofix from one of the following locations:

Please open Notepad (Through Start Menu -> Accessories -> Notepad) and copy/paste this code into notepad, exactly as it is: (DON'T include the 'Quote:')
 

KILLALL::

Driver::
avgtp

File::
c:\windows\system32\drivers\avgtpx64.sys

Firefox::
FF - ProfilePath - c:\users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Make sure your Anti-Virus is disabled while we do this. You can disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, please read this.

CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When the scan finishes, it will execute the script and reboot your computer automatically. Don't reboot your computer manually; let ComboFix do it.

Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered. After a few minutes, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


I would suggest we run your machine for a couple of days and let me know if the infection comes back again.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#14 korovjov

  • Topic Starter

  • Members
  • 13 posts

Posted 20 October 2014 - 04:08 PM

Hi, seedy21,

 

No problem for the delay. Since I've completed the instructions in your previous post, no threats have been reported. Do you think that it is possible that it has been removed?

 

I've run the new script, please find the log file below.

 

As for the desktop icons - they are not shortcuts (not the new ones at least). I'll try to attach a screenshot:

 

desktop-screen.png?dl=0 (https://www.dropbox.com/s/uv38xgq5gcw8zx6/desktop-screen.png?dl=0)

 

Do you think that I can delete these icons? Is it even possible, if they are the original ones? What should I do with them? :)

 

Thanks in advance, hope that soon I won't have to bother you anymore :)

 

 

LOG:

 

ComboFix 14-10-13.01 - korovjov 014.10.20.  22:41:12.3.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1250.36.1038.18.4091.2322 [GMT 2:00]

Running from: c:\users\korovjov\Desktop\ComboFix.exe

Command switches used :: c:\users\korovjov\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

FILE ::

"c:\windows\system32\drivers\avgtpx64.sys"

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\korovjov\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BB24968-748D-47B7-8215-0CC9E987E348}.xps

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AVGTP

-------\Service_avgtp

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-20 to 2014-10-20  )))))))))))))))))))))))))))))))

.

.

2014-10-20 20:49 . 2014-10-20 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-17 15:53 . 2014-10-19 23:00 56 ---h--w- c:\windows\SysWow64\azkorovjov.sys

2014-10-17 15:53 . 2012-03-16 08:52 444928 ----a-w- c:\windows\SysWow64\midas.dll

2014-10-17 15:53 . 2014-10-17 15:53 -------- d-----w- c:\users\korovjov\AppData\Local\AIT

2014-10-17 15:53 . 2014-10-17 15:53 -------- d-----w- c:\programdata\AIT

2014-10-16 21:51 . 2014-10-16 21:51 -------- d-----w- c:\program files (x86)\ESET

2014-10-16 21:08 . 2014-10-16 21:08 -------- d-----w- c:\users\korovjov\AppData\Local\CrashDumps

2014-10-15 18:32 . 2014-08-19 03:11 693176 ----a-w- c:\windows\system32\winload.efi

2014-10-15 18:31 . 2014-09-19 02:25 23631360 ----a-w- c:\windows\system32\mshtml.dll

2014-10-15 18:30 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-15 18:30 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll

2014-10-12 21:12 . 2014-10-15 18:09 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-10-12 21:12 . 2014-10-12 21:12 -------- d-----w- c:\programdata\RogueKiller

2014-10-12 16:13 . 2014-10-12 16:13 -------- d-----w- c:\users\korovjov\AppData\Roaming\DZED

2014-10-12 16:13 . 2014-10-12 16:13 -------- d-----w- c:\program files (x86)\Common Files\DZED

2014-10-12 12:46 . 2014-10-12 12:46 -------- d-----w- c:\programdata\DZED

2014-10-12 05:44 . 2014-10-12 05:44 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-10-12 05:34 . 2014-10-12 05:34 -------- d-----w- c:\users\korovjov\AppData\Roaming\TuneUp Software

2014-10-11 09:42 . 2014-10-12 05:56 -------- d-----w- C:\FRST

2014-10-05 14:14 . 2014-10-05 14:14 -------- d-----w- c:\users\korovjov\AppData\Roaming\AVAST Software

2014-10-05 14:08 . 2014-10-05 14:08 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-10-05 14:08 . 2014-10-05 14:08 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-10-05 14:08 . 2014-10-05 14:08 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-10-05 14:08 . 2014-10-05 14:09 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys

2014-10-05 14:08 . 2014-10-05 14:08 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-10-05 14:08 . 2014-10-05 14:08 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-10-05 14:08 . 2014-10-05 14:08 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2014-10-05 14:08 . 2014-10-05 14:08 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-10-05 14:08 . 2014-10-05 14:08 307344 ----a-w- c:\windows\system32\aswBoot.exe

2014-10-05 14:08 . 2014-10-05 14:08 43152 ----a-w- c:\windows\avastSS.scr

2014-10-05 14:05 . 2014-10-05 14:06 -------- d-----w- c:\programdata\AVAST Software

2014-10-05 12:43 . 2014-10-05 12:43 -------- d-----w- C:\TDSSKiller_Quarantine

2014-10-01 19:51 . 2013-04-01 21:12 178176 ----a-w- c:\windows\system32\xrhkbzil.dll

2014-09-30 20:29 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-09-30 20:29 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-09-25 09:53 . 2014-09-25 09:53 -------- d-----w- c:\windows\ERUNT

2014-09-23 20:40 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-23 20:40 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-09-21 16:01 . 2014-10-07 19:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-17 15:45 . 2014-08-04 21:35 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-01 09:11 . 2014-08-04 21:34 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-01 09:11 . 2014-08-04 21:34 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-01 09:11 . 2014-01-05 07:33 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-09-28 01:09 . 2013-03-21 09:37 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-28 01:09 . 2011-11-30 21:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-28 01:07 . 2014-09-10 18:35 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-09-20 07:25 . 2014-09-20 07:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2014-09-15 07:06 . 2011-04-19 14:02 278152 ------w- c:\windows\system32\MpSigStub.exe

2014-09-15 00:08 . 2014-10-20 17:36 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EAB4103F-2F05-4075-AA8B-912F60BB1B42}\mpengine.dll

2014-09-09 09:51 . 2014-09-09 09:53 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2014-09-09 09:48 . 2010-06-24 09:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-08-23 02:07 . 2014-08-28 15:00 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-28 15:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-01 11:53 . 2014-09-11 06:01 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-11 06:01 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll

2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]

"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-09-12 3499920]

"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-05 4085896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe

.

R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

S2 DWA-123_PBC_WPS;DWA-123_PBC_WPS Service;c:\program files (x86)\D-Link\DWA-123\ALPBCSVC.exe;c:\program files (x86)\D-Link\DWA-123\ALPBCSVC.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-15 18:33 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 01:09]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 22:15]

.

2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 22:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-10-05 14:08 634872 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-10-16 00:42 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\korovjov\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 84.2.46.1 84.2.44.1

TCP: Interfaces\{479859E5-A3B4-47C4-9FF9-74642A9BBC4D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{6C2C7714-871C-4A61-B44C-A05E8FF0A7B5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{9C23154A-ABD7-41AB-AAEF-A6E714616AD0}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{A6D15746-4853-429B-811F-88F20005E462}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

TCP: Interfaces\{E4C2E3F5-CECC-409A-AB8C-AC3E9C3AC6ED}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FF - ProfilePath - c:\users\korovjov\AppData\Roaming\Mozilla\Firefox\Profiles\p5m7w0sb.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

------------------------ Other Running Processes ------------------------

.

d:\program files\AVAST Software\Avast\AvastSvc.exe

.

**************************************************************************

.

Completion time: 2014-10-20  22:59:09 - machine was rebooted

ComboFix-quarantined-files.txt  2014-10-20 20:59

ComboFix2.txt  2014-10-16 21:41

ComboFix3.txt  2014-10-14 10:03

.

Pre-Run: 5 541 326 848 bájt szabad

Post-Run: 5 532 704 768 bájt szabad

.

- - End Of File - - 09E1383DC8359E9E3E52792066F47A42



#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK

Posted 21 October 2014 - 04:50 PM

Hi korovjov

Glad to hear the infection seems to be gone. Please run your machine for 48 hours and let me know if it returns.
 

As for the desktop icons - they are not shortcuts (not the new ones at least). I'll try to attach a screenshot:


The tools we have run will not have created or moved any of the icons.

Are you the only person that uses this machine? Can you right-click the korovjov folder and then click Properties? Please take a screenshot and paste me a link to it.
 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club





