Trojan Poweliks and Dllhost.exe*32 COM Surrogate


35 replies to this topic

#1 MylesG30

  • Members
  • 19 posts

Posted 10 November 2014 - 05:51 PM

Hello everyone,
 
Recently my computer seems to have been afflicted with a Trojan called Poweliks :ranting: and it's causing problems.
My Norton Internet Security constantly notifies me of intrusion attempts from this Trojan and several other malware (which it 'says' is in quarantine <_< ), as well as notifications that COM Surrogate is using a lot of my computer memory. On top of that, by opening Task Manager I see that there are multiple copies of dllhost.exe*32 COM Surrogate, all coming from the process dllhost.exe (which, if I try to end it, gives me an error message saying this operation cannot be completed, access denied). Yesterday and today I heard some computer sounds as if someone was trying to complete an action but was unable to, or as if an error occurred. (I looked to see if it was coming from one of the tabs I had opened, but there was no evidence of a source.) Also today I tried to access my pictures but I received an error message saying: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I made several attempts at removing this pesky thing (even deleted some things from the registry, which I hope I won't come to regret later on :blink: ), and read several forums and help guides talking about manual removal of this Trojan. I really need some assistance in getting this off my computer. I am prepared to take any amount of time to remove it from my system for good.
 
 

Additional information:

I have the Windows 7 Home Premium 64-bit operating system.

My system model is the p6-2003w, manufactured by HP.

UPDATE: I'm starting to suspect that the processes in Task Manager that do not have a description are fake processes, as I tried to open their file location to no avail. I then tried to delete them but was unable to due to the same error message I received when trying to end dllhost.exe.


Edited by MylesG30, 10 November 2014 - 07:01 PM.
moved from Windows 7 to the appropriate forum



#2 Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts

Posted 10 November 2014 - 07:43 PM

Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click the file to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 MylesG30

  • Topic Starter

  • Members
  • 19 posts

Posted 10 November 2014 - 09:09 PM

I'm guessing this is the log:

 

[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.963] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.973] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.974] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.975] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.976] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.977] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.978] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.979] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.984] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBB}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.10 19:59:22.985] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.10 19:59:22.986] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.10 19:59:22.986] - INFO: Deleted classid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.10 19:59:22.986] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}]
[2014.11.10 19:59:22.986] - INFO: Processing clsid [\Registry\User\S-1-5-21-513061697-399777416-1958245227-1000\SOFTWARE\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
[2014.11.10 19:59:22.986] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.10 19:59:22.986] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.10 19:59:22.986] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.10 19:59:22.986] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.10 19:59:22.986] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.10 19:59:22.986] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.10 19:59:22.987] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.10 19:59:22.987] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.10 19:59:22.987] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.10 19:59:22.987] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.10 19:59:22.987] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.10 19:59:22.987] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.10 19:59:22.987] - INFO: Cleaning status: 0
[2014.11.10 19:59:36.797] - End

(question: if this tool was run twice one after the other does it replace the first log with the second? or does it only log if the Trojan was found and removed?)


Edited by MylesG30, 10 November 2014 - 09:32 PM.


#4 Budapest


Posted 10 November 2014 - 10:58 PM

Yes it is possible the first log was overwritten.

 

Any improvement with how your computer is running?


The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 MylesG30


Posted 10 November 2014 - 11:08 PM

My computer seems to be running fine. I've checked Task Manager and there is no sign of dllhost, nor do I receive any notifications from Norton on Poweliks and COM Surrogate or any other malware. However, I do seem to have problems with accessing some of my files (some are lighter colored and deny access, others are locked with the lock icon and also deny access). I am also unable to edit permissions for my user account, or do anything concerning such. I'm not sure if I should post a new topic on this or not.



#6 Budapest


Posted 10 November 2014 - 11:54 PM

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

 
Do not reboot after running Rkill and then please download Malwarebytes Anti-Malware to your desktop. [https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/]

  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Edited by Budapest, 10 November 2014 - 11:55 PM.


#7 MylesG30


Posted 11 November 2014 - 12:19 AM

The link you've provided for Malwarebytes doesn't seem to be working at the time. I did however search for it and see there is a newer version (mbam-setup-2.0.3.1025.exe) available, though I didn't download it yet. :mellow:


Edited by MylesG30, 11 November 2014 - 12:21 AM.


#8 Budapest


Posted 11 November 2014 - 12:23 AM

Yes please use the newer version.



#9 MylesG30


Posted 11 November 2014 - 01:32 AM

Ok, so I removed 238 PUPs and restarted my computer. During the scan Norton auto-protect kept warning me about Poweliks, so I had to resolve that by restarting a second time. Malwarebytes blocked an attack from some site (didn't catch the name), and Norton auto-protect keeps notifying me that it's processing threats, I'm not sure why though. It keeps telling me I need to restart my computer, which I've done twice already.



#10 Budapest


Posted 11 November 2014 - 01:34 AM

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double click on downloaded file. OK self extracting prompt.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#11 MylesG30


Posted 11 November 2014 - 11:38 AM

Update(from last reply): After I had restarted once more Norton finally calmed down

 

I've gotten to the scan option for the rootkit installer but it keeps giving me an error message telling me the version of anti-rootkit requires I completely exit out of the Malwarebytes application to continue, and I don't have it opened. :unsure:

 

I've been looking through my computer files and I've noticed several near translucent paper icons with a gear at the bottom left of them, they all say desktop also 

Edit: I just went into task manager and found the process for malwarebytes and ended the process tree instead of just the process, the Anti-Rootkit scan is running now


Edited by MylesG30, 11 November 2014 - 12:45 PM.


#12 MylesG30


Posted 11 November 2014 - 01:25 PM

Ok here is the mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.08.0.1001
www.malwarebytes.org

Database version: v2014.11.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Myles :: MYLES-HP [administrator]

11/11/2014 11:41:50 AM
mbar-log-2014-11-11 (11-41-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 371575
Time elapsed: 32 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

here is the system log:

 

Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3744280576, free: 1880264704

Downloaded database version: v2014.11.11.05
Downloaded database version: v2014.11.10.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
=======================================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3744280576, free: 1964666880

Downloaded database version: v2014.11.11.05
Downloaded database version: v2014.11.10.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
=======================================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3744280576, free: 2058428416

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3744280576, free: 2059530240

Initializing...
======================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3744280576, free: 1729863680

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 3744280576, free: 1956421632

Downloaded database version: v2014.11.11.06
Downloaded database version: v2014.11.10.01
=======================================
Initializing...
------------ Kernel report ------------
     11/11/2014 11:41:37
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amd_sata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1506000.020\ccSetx64.sys
\SystemRoot\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS
\SystemRoot\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS
\SystemRoot\system32\drivers\NISx64\1506000.020\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS
\??\C:\Users\Myles\SASKUTIL64.SYS
\??\C:\Users\Myles\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20141107.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\drivers\amdppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\VirusDefs\20141110.032\EX64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\VirusDefs\20141110.032\ENG64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20141108.001\IDSvia64.sys
\??\C:\Windows\system32\drivers\mwac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8003717790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa8005585540
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800459e6f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xfffffa80042ea060
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800459e6f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800459e220, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800459e6f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004305ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa80042ea060, DeviceName: \Device\00000062\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AD3BF0E0

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1928904704

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1929111552  Numsec = 24410112

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8003717790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80037172c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003717790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005585540, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

Norton is back at telling me Poweliks is unresolved and I need to restart (I might have to uninstall it and then reinstall it again)


Edited by MylesG30, 11 November 2014 - 01:37 PM.


#13 rockpoth


Posted 11 November 2014 - 03:16 PM

Hi, is this a "topic discussion" where I can get one-on-one help in answering my questions about the virus attack that happened on my laptop? This is the virus I got, Poweliks and Dllhost.exe*32 COM Surrogate. Every time I start my own post I get locked out, where no one can reply, and I am told to go to topic discussion. Do I post all my questions in this post: CryptoWall - new variant of CryptoDefense?
I need help, please. Sorry I am not navigating this site correctly.

thanks

Rock


Edited by rockpoth, 11 November 2014 - 03:16 PM.


#14 Budapest


Posted 11 November 2014 - 04:37 PM

Rock, please post your questions in the CryptoWall topic. CryptoWall is not the same type of infection as Poweliks.

#15 Budapest


Posted 11 November 2014 - 04:40 PM

MylesG30,

Please run the ESET Poweliks Cleaner again but make sure you download a new copy before running it.

http://download.eset.com/special/ESETPoweliksCleaner.exe



