Problems with sirefef/patched.a.gen trojan

Solved
By vlac112
Oct 12, 2012
  1. Hi,

    I made the steps with the logs; could you please help me with this trojan? Thank you in advance.


    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.12.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Babi :: BABI-PC [administrator]

    Protection: Enabled

    2012.10.13. 1:04:00
    mbam-log-2012-10-13 (01-04-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206907
    Time elapsed: 1 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-13 00:46:45
    Windows 6.1.7601 Service Pack 1
    Running: wuorfjqr.exe




    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5f3d92a
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Games\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xF9 0x68 0x74 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0x43 0xAB 0x45 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0xE3 0x85 0xBD ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5f3d92a (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Games\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0xF9 0x68 0x74 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x42 0x43 0xAB 0x45 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x14 0xE3 0x85 0xBD ...

    ---- EOF - GMER 1.0.15 ----




    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Babi at 0:47:53 on 2012-10-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1250.36.1038.18.4092.2529 [GMT 2:00]
    .
    AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Személyi tűzfal *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
    uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
    mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
    mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
    mRun: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
    mRun: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xportálás a Microsoft Excel programba - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Kép küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Oldal küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\441435D2457425 : DhcpNameServer = 195.184.180.4 195.184.181.4
    TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\544696D616870225F657475627 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\75966696A5F6E65623 : DhcpNameServer = 10.103.82.254
    TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\84F4453505F445 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}\B62756D216A6B6 : DhcpNameServer = 213.163.34.66 62.77.203.10
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {3049C3E9-B461-4BC5-8870-4C09146192CA}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
    mRun-x64: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
    mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
    mRun-x64: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
    mRun-x64: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: {88485281-8b4b-4f8d-9ede-82e29a064277}: MarkAny Contents Safer Manager 1.0
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Babi\AppData\Roaming\Mozilla\Firefox\Profiles\jwbzp6i6.default\
    FF - prefs.js: browser.startup.homepage - www.google.hu
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 archlp;archlp;C:\Windows\system32\drivers\archlp.sys --> C:\Windows\system32\drivers\archlp.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\system32\DRIVERS\StarPortLite.sys --> C:\Windows\system32\DRIVERS\StarPortLite.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-13 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-13 676936]
    R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-3-18 172328]
    R2 Windows Trace Session Manager;Windows Trace Session Manager;C:\Program Files (x86)\Microsoft Enterprise Instrumentation\Bin\Trace Service\TraceSessionManager.exe [2003-9-3 125616]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 INIDVD;Initio USB DVD Filter Driver;C:\Windows\system32\DRIVERS\inidvd.sys --> C:\Windows\system32\DRIVERS\inidvd.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/14 09:15:32;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-25 246256]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1ca9f7d64f5f5ff;Google frissítési szolgáltatás (gupdate1ca9f7d64f5f5ff);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 133104]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-14 250808]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-12 22:05:34 -------- d-----w- C:\Users\Babi\AppData\Roaming\Malwarebytes
    2012-10-12 22:05:26 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-12 22:05:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-12 22:05:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-12 10:06:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-10-10 16:43:33 -------- d-----w- C:\Users\Babi\AppData\Roaming\Frogwares
    2012-10-10 14:04:18 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 14:04:12 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-10 14:04:08 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-10-10 14:04:08 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-10-10 14:02:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-09 14:46:15 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A1FF99D6-98C7-4132-8B88-CBCAA651D401}\mpengine.dll
    2012-10-08 18:25:56 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-10-08 18:06:12 -------- d-----w- C:\Program Files (x86)\Focus
    2012-09-26 12:48:26 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-23 10:24:36 304128 ----a-w- C:\Windows\IsUninst.exe
    2012-09-23 09:51:02 -------- d-----w- C:\ProgramData\Fugazo
    .
    ==================== Find3M ====================
    .
    2012-10-10 16:48:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 16:48:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-26 12:56:21 138400 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
    2012-08-26 12:56:21 138400 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 0:48:36,55 ===============


    DDS Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2010.01.27. 10:19:39
    System Uptime: 2012.10.13. 0:10:51 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0CJG36
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | Microprocessor | 1188/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 3,345 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1 - Hungarian
    Adobe Shockwave Player 11.6
    Advanced Audio FX Engine
    AnyDVD
    Apple Application Support
    Apple Software Update
    Aqualux Deluxe 1.2.0.0
    ArcSoft TotalMedia Theatre 3
    ATI Catalyst Control Center
    Audacity 1.3.13 (Unicode)
    AviSynth 2.5
    Batman: Arkham Asylum
    BDCMF Creator Ver1.2.4b
    BitTorrent
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CDex extraction audio
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CloneCD
    CrystalSetup
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite
    CyberLink LabelPrint
    CyberLink LG Burning Tool
    CyberLink MediaShow
    CyberLink PowerBackup
    CyberLink PowerDVD 9
    CyberLink PowerProducer
    CyberLink YouCam
    Dell Webcam Central
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab 8.0.9.2 (12/05/2011) Qt
    EasyBD Lite 1.0
    Enterprise Instrumentation
    ffdshow v1.1.3882 [2011-06-13]
    FFmpeg v0.6.2 for Audacity
    Film Fatale
    Google Chrome
    Google Föld
    Google Update Helper
    Haali Media Splitter
    Heroes of Might and Magic® IV
    Heroes of Might and Magic® IV: Winds of War
    ImageMagick 6.2.2-4 Q8 (05/14/05)
    ImgBurn
    Intel(R) Rapid Storage Technology
    J2SE Runtime Environment 5.0 Update 7
    Java Auto Updater
    Java(TM) 6 Update 17
    Java(TM) 6 Update 31
    Kompatibilitási csomag a 2007-es Office rendszerhez
    LADSPA_plugins-win-0.4.15
    Lame ACM MP3 Codec
    LAME v3.98.3 for Audacity
    LG Tool Kit
    Live! Cam Avatar Creator
    Malwarebytes Anti-Malware 1.65.0.1400 verzió
    Microsoft .NET Framework 1.1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft J# Redist 2003 Hotfix (KB891863)
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel 2007 Help-frissítés (KB963678)
    Microsoft Office Excel MUI (Hungarian) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office IME (Chinese (Simplified)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office IME (Japanese) 2007
    Microsoft Office IME (Korean) 2007
    Microsoft Office Outlook MUI (Hungarian) 2007
    Microsoft Office Powerpoint 2007 Help-frissítés (KB963669)
    Microsoft Office PowerPoint MUI (Hungarian) 2007
    Microsoft Office PowerPoint Viewer 2007 (Hungarian)
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Bulgarian) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (Chinese (Simplified)) 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (Croatian) 2007
    Microsoft Office Proof (Czech) 2007
    Microsoft Office Proof (Danish) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Estonian) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Greek) 2007
    Microsoft Office Proof (Gujarati) 2007
    Microsoft Office Proof (Hebrew) 2007
    Microsoft Office Proof (Hindi) 2007
    Microsoft Office Proof (Hungarian) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proof (Japanese) 2007
    Microsoft Office Proof (Kannada) 2007
    Microsoft Office Proof (Korean) 2007
    Microsoft Office Proof (Latvian) 2007
    Microsoft Office Proof (Lithuanian) 2007
    Microsoft Office Proof (Marathi) 2007
    Microsoft Office Proof (Norwegian (Bokmal)) 2007
    Microsoft Office Proof (Norwegian (Nynorsk)) 2007
    Microsoft Office Proof (Polish) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Portuguese (Portugal)) 2007
    Microsoft Office Proof (Punjabi) 2007
    Microsoft Office Proof (Romanian) 2007
    Microsoft Office Proof (Russian) 2007
    Microsoft Office Proof (Serbian (Latin)) 2007
    Microsoft Office Proof (Slovak) 2007
    Microsoft Office Proof (Slovenian) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proof (Tamil) 2007
    Microsoft Office Proof (Telugu) 2007
    Microsoft Office Proof (Thai) 2007
    Microsoft Office Proof (Turkish) 2007
    Microsoft Office Proof (Ukrainian) 2007
    Microsoft Office Proof (Urdu) 2007
    Microsoft Office Proofing (Hungarian) 2007
    Microsoft Office Proofing Kit 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Proofing Tools Kit 2007
    Microsoft Office ProofMUI (English) 2007
    Microsoft Office Shared MUI (Hungarian) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word 2007 Help-frissítés (KB963665)
    Microsoft Office Word MUI (Hungarian) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    MindMapper 2008
    Monkey Island™ Special Edition Collection
    Mozilla Firefox 15.0.1 (x86 hu)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero Suite
    NVIDIA PhysX
    Pavtube Blu-ray Ripper Ver 3.11.2.925
    Pavtube Blu-ray Ripper Ver 4.1.1.3857
    Pavtube Blu-Ray Ripper version 3.6.2.2053
    PowerDVD DX
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Restaurant Empire II
    Roxio Burn
    Roxio Update Manager
    Samsung Media Studio
    Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2478663)
    Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Skins
    Skype™ 5.10
    Subtitle Workshop 2.51
    swMSM
    TeamViewer 5
    The Testament of Sherlock Holmes
    Total Commander (Remove or Repair)
    Tropico 3 1.00
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 suites (KB2597120) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Version 6.0 (Build 20091202)
    VLC media player 1.1.1
    WavePad Sound Editor
    Windows Media Player Firefox Plugin
    WinRAR archiver
    XviD MPEG-4 Video Codec
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  3. vlac112

    vlac112 Newcomer, in training Topic Starter

    Hi,

    thank you for your help, I think the tools have been working well; I did not get any new alerts after I ran them.

    Here are the logs:

    TDSSKiller:
    07:49:29.0200 1256 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    07:49:29.0263 1256 ============================================================
    07:49:29.0263 1256 Current date / time: 2012/10/13 07:49:29.0263
    07:49:29.0263 1256 SystemInfo:
    07:49:29.0263 1256
    07:49:29.0263 1256 OS Version: 6.1.7601 ServicePack: 1.0
    07:49:29.0263 1256 Product type: Workstation
    07:49:29.0263 1256 ComputerName: BABI-PC
    07:49:29.0263 1256 UserName: Babi
    07:49:29.0263 1256 Windows directory: C:\Windows
    07:49:29.0263 1256 System windows directory: C:\Windows
    07:49:29.0263 1256 Running under WOW64
    07:49:29.0263 1256 Processor architecture: Intel x64
    07:49:29.0263 1256 Number of processors: 2
    07:49:29.0263 1256 Page size: 0x1000
    07:49:29.0263 1256 Boot type: Normal boot
    07:49:29.0263 1256 ============================================================
    07:49:30.0604 1256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    07:49:30.0620 1256 Drive \Device\Harddisk1\DR1 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:49:30.0620 1256 ============================================================
    07:49:30.0620 1256 \Device\Harddisk0\DR0:
    07:49:30.0620 1256 MBR partitions:
    07:49:30.0620 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    07:49:30.0620 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    07:49:30.0620 1256 \Device\Harddisk1\DR1:
    07:49:30.0620 1256 MBR partitions:
    07:49:30.0620 1256 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EBFE0
    07:49:30.0620 1256 ============================================================
    07:49:30.0651 1256 C: <-> \Device\Harddisk0\DR0\Partition2
    07:49:30.0651 1256 ============================================================
    07:49:30.0651 1256 Initialize success
    07:49:30.0651 1256 ============================================================
    07:49:36.0938 1188 ============================================================
    07:49:36.0938 1188 Scan started
    07:49:36.0938 1188 Mode: Manual;
    07:49:36.0938 1188 ============================================================
    07:49:37.0125 1188 ================ Scan system memory ========================
    07:49:37.0125 1188 System memory - ok
    07:49:37.0125 1188 ================ Scan services =============================
    07:49:37.0312 1188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    07:49:37.0328 1188 1394ohci - ok
    07:49:37.0390 1188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    07:49:37.0390 1188 ACPI - ok
    07:49:37.0437 1188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    07:49:37.0437 1188 AcpiPmi - ok
    07:49:37.0578 1188 [ 63F8A1722B88D5065650D7E49A4AC143 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    07:49:37.0593 1188 Adobe LM Service - ok
    07:49:37.0749 1188 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    07:49:37.0749 1188 AdobeFlashPlayerUpdateSvc - ok
    07:49:37.0796 1188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
  4. vlac112

    vlac112 Newcomer, in training Topic Starter

    RogueKiller:

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Babi [Admin rights]
    Mode : Scan -- Date : 10/13/2012 07:59:47

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] {63B7A2CC-C478-4E10-810B-93E362FE5AC8} : C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe -> FOUND
    [TASK][SUSP PATH] {F311C1D8-BBC5-40CF-A776-04E32AAB4A4C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe" -d "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack" -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
    --- User ---
    [MBR] 9838eb46b525a3fef9fc79946803871b
    [BSP] f3d5e8be2ed024224649ed2c4911a025 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
    --- User ---
    [MBR] c64c7eb4c0f7c1b2403337ac82bf5de0
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Babi [Admin rights]
    Mode : Scan -- Date : 10/13/2012 08:00:56

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [TASK][PREVRUN] {2C34A78B-F309-44EF-964D-D8C862AE715A} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> FOUND
    [TASK][SUSP PATH] {63B7A2CC-C478-4E10-810B-93E362FE5AC8} : C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe -> FOUND
    [TASK][PREVRUN] {76AE6A84-8C3E-452E-B5F3-8FD088AA3C58} : C:\Windows\system32\pcalua.exe -a "C:\film\Új mappa\daemon4.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> FOUND
    [TASK][PREVRUN] {D4AEFCFD-80CB-4EE9-909C-3CA109FE7ABC} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> FOUND
    [TASK][PREVRUN] {D5DA4AB2-C199-4B1E-90F5-8349D11D653B} : C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -> FOUND
    [TASK][PREVRUN] {F311C1D8-BBC5-40CF-A776-04E32AAB4A4C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe" -d "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack" -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
    --- User ---
    [MBR] 9838eb46b525a3fef9fc79946803871b
    [BSP] f3d5e8be2ed024224649ed2c4911a025 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
    --- User ---
    [MBR] c64c7eb4c0f7c1b2403337ac82bf5de0
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt


    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Babi [Admin rights]
    Mode : Remove -- Date : 10/13/2012 08:01:52

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [TASK][PREVRUN] {2C34A78B-F309-44EF-964D-D8C862AE715A} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> DELETED
    [TASK][SUSP PATH] {63B7A2CC-C478-4E10-810B-93E362FE5AC8} : C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe -> DELETED
    [TASK][PREVRUN] {76AE6A84-8C3E-452E-B5F3-8FD088AA3C58} : C:\Windows\system32\pcalua.exe -a "C:\film\Új mappa\daemon4.exe" -d "C:\Program Files (x86)\Mozilla Firefox" -> DELETED
    [TASK][PREVRUN] {D4AEFCFD-80CB-4EE9-909C-3CA109FE7ABC} : C:\Windows\system32\pcalua.exe -a C:\film\RSL\uninstall.exe -> DELETED
    [TASK][PREVRUN] {D5DA4AB2-C199-4B1E-90F5-8349D11D653B} : C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ -> DELETED
    [TASK][PREVRUN] {F311C1D8-BBC5-40CF-A776-04E32AAB4A4C} : C:\Windows\system32\pcalua.exe -a "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack\installMC.exe" -d "C:\Users\Babi\Desktop\Scenarist_Designer_221B10A\Scenarist Designer 221B10A\Crack" -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ --> REMOVED AT REBOOT
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000000.@ --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000032.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT2 +++++
    --- User ---
    [MBR] 9838eb46b525a3fef9fc79946803871b
    [BSP] f3d5e8be2ed024224649ed2c4911a025 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
    --- User ---
    [MBR] c64c7eb4c0f7c1b2403337ac82bf5de0
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  5. vlac112

    vlac112 Newcomer, in training Topic Starter

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-13 08:05:47
    -----------------------------
    08:05:47.733 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:05:47.733 Number of processors: 2 586 0x170A
    08:05:47.733 ComputerName: BABI-PC UserName: Babi
    08:05:49.527 Initialize success
    08:09:26.963 AVAST engine defs: 12101202
    08:09:35.340 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    08:09:35.356 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    08:09:35.371 Disk 0 MBR read successfully
    08:09:35.371 Disk 0 MBR scan
    08:09:35.403 Disk 0 Windows VISTA default MBR code
    08:09:35.403 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    08:09:35.434 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
    08:09:35.465 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
    08:09:35.496 Disk 0 scanning C:\Windows\system32\drivers
    08:10:00.082 Service scanning
    08:10:43.247 Modules scanning
    08:10:43.247 Disk 0 trace - called modules:
    08:10:43.278 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spkq.sys hal.dll
    08:10:43.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004705230]
    08:10:43.278 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800455d050]
    08:10:46.008 AVAST engine scan C:\Windows
    08:10:51.500 AVAST engine scan C:\Windows\system32
    08:17:03.825 AVAST engine scan C:\Windows\system32\drivers
    08:17:23.825 AVAST engine scan C:\Users\Babi
    08:27:30.775 AVAST engine scan C:\ProgramData
    08:29:43.765 Scan finished successfully
    08:31:23.995 Disk 0 MBR has been saved successfully to "C:\Users\Babi\Desktop\MBR.dat"
    08:31:24.011 The log file has been saved successfully to "C:\Users\Babi\Desktop\aswMBR.txt"


    This also created an MBR.dat file and RogueKiller created a Quarantine folder with files in it.
  6. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    TDSSKiller log is incomplete.
    Repost or redo.
  7. vlac112

    vlac112 Newcomer, in training Topic Starter

    Sorry, this is the whole log (part 1):

    07:49:29.0200 1256 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    07:49:29.0263 1256 ============================================================
    07:49:29.0263 1256 Current date / time: 2012/10/13 07:49:29.0263
    07:49:29.0263 1256 SystemInfo:
    07:49:29.0263 1256
    07:49:29.0263 1256 OS Version: 6.1.7601 ServicePack: 1.0
    07:49:29.0263 1256 Product type: Workstation
    07:49:29.0263 1256 ComputerName: BABI-PC
    07:49:29.0263 1256 UserName: Babi
    07:49:29.0263 1256 Windows directory: C:\Windows
    07:49:29.0263 1256 System windows directory: C:\Windows
    07:49:29.0263 1256 Running under WOW64
    07:49:29.0263 1256 Processor architecture: Intel x64
    07:49:29.0263 1256 Number of processors: 2
    07:49:29.0263 1256 Page size: 0x1000
    07:49:29.0263 1256 Boot type: Normal boot
    07:49:29.0263 1256 ============================================================
    07:49:30.0604 1256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    07:49:30.0620 1256 Drive \Device\Harddisk1\DR1 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    07:49:30.0620 1256 ============================================================
    07:49:30.0620 1256 \Device\Harddisk0\DR0:
    07:49:30.0620 1256 MBR partitions:
    07:49:30.0620 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    07:49:30.0620 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    07:49:30.0620 1256 \Device\Harddisk1\DR1:
    07:49:30.0620 1256 MBR partitions:
    07:49:30.0620 1256 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EBFE0
    07:49:30.0620 1256 ============================================================
    07:49:30.0651 1256 C: <-> \Device\Harddisk0\DR0\Partition2
    07:49:30.0651 1256 ============================================================
    07:49:30.0651 1256 Initialize success
    07:49:30.0651 1256 ============================================================
    07:49:36.0938 1188 ============================================================
    07:49:36.0938 1188 Scan started
    07:49:36.0938 1188 Mode: Manual;
    07:49:36.0938 1188 ============================================================
    07:49:37.0125 1188 ================ Scan system memory ========================
    07:49:37.0125 1188 System memory - ok
    07:49:37.0125 1188 ================ Scan services =============================
  8. vlac112

    vlac112 Newcomer, in training Topic Starter

    Part 2:

    07:49:56.0048 1188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    07:49:56.0095 1188 NDProxy - ok
    07:49:56.0142 1188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    07:49:56.0173 1188 NetBIOS - ok
    07:49:56.0235 1188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    07:49:56.0235 1188 NetBT - ok
    07:49:56.0266 1188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    07:49:56.0282 1188 Netlogon - ok
    07:49:56.0344 1188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    07:49:56.0360 1188 Netman - ok
    07:49:56.0532 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    07:49:56.0594 1188 NetMsmqActivator - ok
    07:49:56.0594 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    07:49:56.0594 1188 NetPipeActivator - ok
    07:49:56.0641 1188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    07:49:56.0656 1188 netprofm - ok
    07:49:56.0672 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    07:49:56.0672 1188 NetTcpActivator - ok
    07:49:56.0672 1188 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    07:49:56.0688 1188 NetTcpPortSharing - ok
    07:49:56.0734 1188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    07:49:56.0734 1188 nfrd960 - ok
    07:49:56.0797 1188 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    07:49:56.0812 1188 NlaSvc - ok
    07:49:56.0859 1188 [ 216BDF8B1017BB52692C9EE3C1E50597 ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys
    07:49:56.0859 1188 nmwcdcx64 - ok
    07:49:56.0906 1188 [ C9773EF9CBF2877725A45F07396D5DA6 ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys
    07:49:56.0906 1188 nmwcdx64 - ok
    07:49:56.0922 1188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    07:49:56.0922 1188 Npfs - ok
    07:49:56.0953 1188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    07:49:56.0953 1188 nsi - ok
    07:49:56.0968 1188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    07:49:56.0968 1188 nsiproxy - ok
    07:49:57.0062 1188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    07:49:57.0124 1188 Ntfs - ok
    07:49:57.0156 1188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    07:49:57.0156 1188 Null - ok
    07:49:57.0218 1188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    07:49:57.0218 1188 nvraid - ok
    07:49:57.0296 1188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    07:49:57.0296 1188 nvstor - ok
    07:49:57.0374 1188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    07:49:57.0374 1188 nv_agp - ok
    07:49:57.0468 1188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    07:49:57.0483 1188 odserv - ok
    07:49:57.0530 1188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    07:49:57.0530 1188 ohci1394 - ok
    07:49:57.0577 1188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    07:49:57.0592 1188 ose - ok
    07:49:57.0655 1188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    07:49:57.0655 1188 p2pimsvc - ok
    07:49:57.0686 1188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    07:49:57.0702 1188 p2psvc - ok
    07:49:57.0733 1188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    07:49:57.0748 1188 Parport - ok
    07:49:57.0795 1188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    07:49:57.0811 1188 partmgr - ok
    07:49:57.0842 1188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    07:49:57.0858 1188 PcaSvc - ok
    07:49:57.0873 1188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    07:49:57.0873 1188 pci - ok
    07:49:57.0920 1188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    07:49:57.0920 1188 pciide - ok
    07:49:57.0967 1188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    07:49:57.0967 1188 pcmcia - ok
    07:49:57.0982 1188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    07:49:57.0998 1188 pcw - ok
    07:49:58.0029 1188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    07:49:58.0045 1188 PEAUTH - ok
    07:49:58.0154 1188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    07:49:58.0154 1188 PerfHost - ok
    07:49:58.0216 1188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    07:49:58.0263 1188 pla - ok
    07:49:58.0326 1188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    07:49:58.0372 1188 PlugPlay - ok
    07:49:58.0419 1188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    07:49:58.0419 1188 PNRPAutoReg - ok
    07:49:58.0466 1188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    07:49:58.0466 1188 PNRPsvc - ok
    07:49:58.0528 1188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    07:49:58.0544 1188 PolicyAgent - ok
    07:49:58.0591 1188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    07:49:58.0591 1188 Power - ok
    07:49:58.0653 1188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    07:49:58.0669 1188 PptpMiniport - ok
    07:49:58.0700 1188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    07:49:58.0700 1188 Processor - ok
    07:49:58.0731 1188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    07:49:58.0747 1188 ProfSvc - ok
    07:49:58.0762 1188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    07:49:58.0762 1188 ProtectedStorage - ok
    07:49:58.0825 1188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    07:49:58.0825 1188 Psched - ok
    07:49:58.0872 1188 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    07:49:58.0872 1188 PxHlpa64 - ok
    07:49:58.0934 1188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    07:49:58.0981 1188 ql2300 - ok
    07:49:59.0028 1188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    07:49:59.0028 1188 ql40xx - ok
    07:49:59.0074 1188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    07:49:59.0090 1188 QWAVE - ok
    07:49:59.0106 1188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    07:49:59.0152 1188 QWAVEdrv - ok
    07:49:59.0340 1188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    07:49:59.0355 1188 RasAcd - ok
    07:49:59.0386 1188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    07:49:59.0418 1188 RasAgileVpn - ok
    07:49:59.0527 1188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    07:49:59.0542 1188 RasAuto - ok
    07:49:59.0683 1188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    07:49:59.0683 1188 Rasl2tp - ok
    07:49:59.0792 1188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    07:49:59.0839 1188 RasMan - ok
    07:49:59.0886 1188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    07:49:59.0886 1188 RasPppoe - ok
    07:49:59.0932 1188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    07:49:59.0932 1188 RasSstp - ok
    07:50:00.0010 1188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    07:50:00.0010 1188 rdbss - ok
    07:50:00.0073 1188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    07:50:00.0073 1188 rdpbus - ok
    07:50:00.0088 1188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    07:50:00.0088 1188 RDPCDD - ok
    07:50:00.0182 1188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    07:50:00.0198 1188 RDPENCDD - ok
    07:50:00.0213 1188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    07:50:00.0213 1188 RDPREFMP - ok
    07:50:00.0276 1188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    07:50:00.0276 1188 RDPWD - ok
    07:50:00.0400 1188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    07:50:00.0416 1188 rdyboost - ok
    07:50:00.0463 1188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    07:50:00.0463 1188 RemoteAccess - ok
    07:50:00.0510 1188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    07:50:00.0525 1188 RemoteRegistry - ok
    07:50:00.0588 1188 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    07:50:00.0603 1188 RFCOMM - ok
    07:50:00.0681 1188 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    07:50:00.0744 1188 RichVideo - ok
    07:50:00.0775 1188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    07:50:00.0790 1188 RpcEptMapper - ok
    07:50:00.0822 1188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    07:50:00.0822 1188 RpcLocator - ok
    07:50:00.0900 1188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    07:50:00.0900 1188 RpcSs - ok
    07:50:00.0993 1188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    07:50:00.0993 1188 rspndr - ok
    07:50:01.0071 1188 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    07:50:01.0071 1188 RSUSBSTOR - ok
    07:50:01.0102 1188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    07:50:01.0102 1188 SamSs - ok
    07:50:01.0149 1188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    07:50:01.0149 1188 sbp2port - ok
    07:50:01.0212 1188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    07:50:01.0227 1188 SCardSvr - ok
    07:50:01.0258 1188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    07:50:01.0258 1188 scfilter - ok
    07:50:01.0352 1188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    07:50:01.0383 1188 Schedule - ok
    07:50:01.0461 1188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    07:50:01.0461 1188 SCPolicySvc - ok
    07:50:01.0680 1188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    07:50:01.0680 1188 SDRSVC - ok
    07:50:01.0898 1188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    07:50:01.0898 1188 secdrv - ok
    07:50:02.0148 1188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    07:50:02.0148 1188 seclogon - ok
    07:50:02.0179 1188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    07:50:02.0194 1188 SENS - ok
    07:50:02.0210 1188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    07:50:02.0226 1188 SensrSvc - ok
    07:50:02.0319 1188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    07:50:02.0335 1188 Serenum - ok
    07:50:02.0428 1188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    07:50:02.0444 1188 Serial - ok
    07:50:02.0553 1188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    07:50:02.0553 1188 sermouse - ok
    07:50:02.0678 1188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    07:50:02.0694 1188 SessionEnv - ok
    07:50:02.0756 1188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    07:50:02.0756 1188 sffdisk - ok
    07:50:02.0803 1188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    07:50:02.0803 1188 sffp_mmc - ok
    07:50:02.0881 1188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    07:50:02.0881 1188 sffp_sd - ok
    07:50:02.0974 1188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    07:50:02.0974 1188 sfloppy - ok
    07:50:03.0084 1188 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    07:50:03.0099 1188 SharedAccess - ok
    07:50:03.0130 1188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    07:50:03.0146 1188 ShellHWDetection - ok
    07:50:03.0255 1188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    07:50:03.0255 1188 SiSRaid2 - ok
    07:50:03.0302 1188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    07:50:03.0302 1188 SiSRaid4 - ok
    07:50:03.0396 1188 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    07:50:03.0411 1188 SkypeUpdate - ok
    07:50:03.0614 1188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    07:50:03.0630 1188 Smb - ok
    07:50:03.0692 1188 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    07:50:03.0708 1188 SNMPTRAP - ok
    07:50:03.0770 1188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    07:50:03.0770 1188 spldr - ok
    07:50:03.0848 1188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    07:50:03.0926 1188 Spooler - ok
    07:50:04.0051 1188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    07:50:04.0222 1188 sppsvc - ok
    07:50:04.0285 1188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    07:50:04.0316 1188 sppuinotify - ok
    07:50:04.0410 1188 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
    07:50:04.0410 1188 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
    07:50:04.0410 1188 sptd ( LockedFile.Multi.Generic ) - warning
    07:50:04.0410 1188 sptd - detected LockedFile.Multi.Generic (1)
    07:50:11.0227 1188 ================ Scan global ===============================
    07:50:11.0289 1188 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    07:50:11.0336 1188 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    07:50:11.0352 1188 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    07:50:11.0430 1188 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    07:50:11.0476 1188 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
    07:50:11.0492 1188 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
    07:50:11.0492 1188 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
    07:50:11.0492 1188 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
    07:50:11.0492 1188 ================ Scan MBR ==================================
    07:50:11.0586 1188 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    07:50:11.0898 1188 \Device\Harddisk0\DR0 - ok
    07:50:11.0913 1188 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
    07:50:12.0428 1188 \Device\Harddisk1\DR1 - ok
    07:50:12.0428 1188 ================ Scan VBR ==================================
    07:50:12.0428 1188 [ D45D46484E2634DF64699A9705D3B27D ] \Device\Harddisk0\DR0\Partition1
    07:50:12.0428 1188 \Device\Harddisk0\DR0\Partition1 - ok
    07:50:12.0475 1188 [ 88ADAFEB03C90938C6F7F2E8C80E10C5 ] \Device\Harddisk0\DR0\Partition2
    07:50:12.0490 1188 \Device\Harddisk0\DR0\Partition2 - ok
    07:50:12.0490 1188 [ A6AB40E383448973C6ECE2DAF961A704 ] \Device\Harddisk1\DR1\Partition1
    07:50:12.0490 1188 \Device\Harddisk1\DR1\Partition1 - ok
    07:50:12.0490 1188 ============================================================
    07:50:12.0490 1188 Scan finished
    07:50:12.0490 1188 ============================================================
    07:50:12.0506 1416 Detected object count: 2
    07:50:12.0506 1416 Actual detected object count: 2
    07:50:59.0820 1416 sptd ( LockedFile.Multi.Generic ) - skipped by user
    07:50:59.0820 1416 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    07:50:59.0945 1416 C:\Windows\system32\services.exe - copied to quarantine
    07:51:04.0320 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\@ - copied to quarantine
    07:51:04.0370 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\00000004.@ - copied to quarantine
    07:51:04.0450 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\L\201d3dde - copied to quarantine
    07:51:04.0470 1416 C:\Windows\installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U\80000032.@ - copied to quarantine
    07:53:17.0408 1416 Backup copy not found, trying to cure infected file..
    07:53:17.0408 1416 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
    07:53:17.0408 1416 C:\Windows\system32\services.exe - processing error
    07:53:17.0408 1416 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
    07:55:14.0564 1224 Deinitialize success
  9. Broni


    Good :)

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  10. vlac112


    Hi Broni,

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2012
    Ran by SYSTEM at 14-10-2012 19:46:43
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: 040E
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-12] (Sun Microsystems, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
    HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
    HKLM\...\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload [119664 2011-05-26] (Microsoft Corporation)
    HKLM\...\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
    HKLM\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [59248 2011-05-26] (Microsoft Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-26] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2010-01-07] (CyberLink Corp.)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [494064 2009-06-19] ()
    HKLM-x32\...\Run: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload [63856 2011-09-19] (Microsoft Corporation)
    HKLM-x32\...\Run: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [32112 2011-05-31] (Microsoft Corporation)
    HKLM-x32\...\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe [126976 2007-02-23] (SAMSUNG ELECTRONICS)
    HKLM-x32\...\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe [57344 2007-01-30] ((?)????)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot [202256 2010-04-02] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-09-24] (Apple Inc.)
    HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" [218408 2009-02-25] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-15] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-05-25] (cyberlink)
    HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" [218408 2009-02-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun [27760 2012-07-20] (Bitleader)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\vpngui.exe.lnk
    ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()

    ==================== Services (Whitelisted) ===================

    3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-05-28] (Adobe Systems)
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
    2 gupdate1ca9f7d64f5f5ff; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-01-27] (Google Inc.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe" [244904 2009-07-02] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
    2 TeamViewer5; "C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service [172328 2010-03-18] (TeamViewer GmbH)
    2 Windows Trace Session Manager; C:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe [125616 2003-09-03] (Microsoft Corporation)
    2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

    ==================== Drivers (Whitelisted) =====================

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
    1 archlp; C:\Windows\System32\Drivers\archlp.sys [142848 2010-01-12] ()
    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2012-04-30] ()
    3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
    3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2006-12-26] (SlySoft, Inc.)
    3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2006-12-26] (SlySoft, Inc.)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
    3 INIDVD; C:\Windows\System32\Drivers\INIDVD.sys [18328 2010-04-09] (Initio Corporation)
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2012-04-30] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia)
    3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18432 2008-05-02] (Nokia)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-04-16] (Duplex Secure Ltd.)
    1 StarPortLite; C:\Windows\System32\Drivers\StarPortLite.sys [118888 2009-04-15] (Rocket Division Software)
    3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-13 07:46 - 2012-10-13 07:48 - 00000000 ____D C:\Users\Babi\Desktop\Virusirtas
    2012-10-13 06:50 - 2012-10-13 06:50 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-12 23:05 - 2012-10-12 23:05 - 00000000 ____D C:\Users\Babi\AppData\Roaming\Malwarebytes
    2012-10-12 23:05 - 2012-10-12 23:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-12 23:05 - 2012-10-12 23:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-12 23:05 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-12 11:06 - 2012-10-12 11:06 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-10 17:43 - 2012-10-10 17:43 - 00000000 ____D C:\Users\Babi\AppData\Roaming\Frogwares
    2012-10-10 15:04 - 2012-08-31 19:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 15:04 - 2012-08-30 19:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 15:04 - 2012-08-30 18:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 15:04 - 2012-08-30 18:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 15:03 - 2012-09-14 20:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 15:03 - 2012-09-14 19:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 15:03 - 2012-08-24 19:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 15:03 - 2012-08-24 17:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 15:03 - 2012-08-20 19:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 15:03 - 2012-08-20 19:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 15:03 - 2012-08-20 19:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 15:03 - 2012-08-20 18:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 15:03 - 2012-08-20 18:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 15:03 - 2012-08-20 18:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 15:03 - 2012-08-20 18:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 16:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 15:03 - 2012-08-20 16:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 15:03 - 2012-08-20 16:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 16:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 16:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-20 16:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 15:03 - 2012-08-11 01:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 15:03 - 2012-08-11 00:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 15:03 - 2012-06-02 06:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 15:03 - 2012-06-02 06:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 15:03 - 2012-06-02 06:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 15:03 - 2012-06-02 05:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 15:03 - 2012-06-02 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 15:02 - 2012-06-02 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-08 19:25 - 2012-10-08 19:25 - 00001434 ____A C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
    2012-10-08 19:25 - 2012-10-08 19:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-10-08 19:06 - 2012-10-08 19:06 - 00000000 ____D C:\Program Files (x86)\Focus
    2012-10-08 09:22 - 2012-10-08 09:22 - 00000000 ____D C:\Users\Babi\Documents\My Cheat Tables
    2012-10-08 09:18 - 2012-10-08 09:18 - 00000000 ____D C:\Users\Babi\Documents\FLiNGTrainer
    2012-10-04 10:18 - 2012-10-04 10:18 - 00000040 ___SH C:\Users\All Users\.zreglib
    2012-09-29 00:37 - 2012-10-14 18:35 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Babi.job
    2012-09-29 00:37 - 2012-10-14 00:50 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Babi.job
    2012-09-29 00:37 - 2012-10-13 23:50 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Babi.job
    2012-09-26 13:48 - 2012-08-21 22:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-23 11:24 - 1998-01-23 11:22 - 00304128 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
    2012-09-23 10:51 - 2012-09-23 10:51 - 00000000 ____D C:\Users\All Users\Fugazo
    2012-09-23 02:00 - 2012-08-24 12:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-23 02:00 - 2012-08-24 11:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-23 02:00 - 2012-08-24 11:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-23 02:00 - 2012-08-24 11:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-23 02:00 - 2012-08-24 11:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-23 02:00 - 2012-08-24 11:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-23 02:00 - 2012-08-24 11:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-23 02:00 - 2012-08-24 11:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-23 02:00 - 2012-08-24 11:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-23 02:00 - 2012-08-24 11:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-23 02:00 - 2012-08-24 11:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-23 02:00 - 2012-08-24 11:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-23 02:00 - 2012-08-24 11:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-23 02:00 - 2012-08-24 11:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-23 02:00 - 2012-08-24 11:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-23 02:00 - 2012-08-24 11:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-23 02:00 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-23 02:00 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-23 02:00 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-23 02:00 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-23 02:00 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-23 02:00 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-23 02:00 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-23 02:00 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-23 02:00 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-23 02:00 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-23 02:00 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-23 02:00 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-23 02:00 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-23 02:00 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-23 02:00 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-23 02:00 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-22 09:10 - 2012-09-22 09:10 - 00051030 ____A C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt


    ==================== 3 Months Modified Files ==================

    2012-10-14 18:38 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 18:38 - 2009-07-14 05:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 18:36 - 2010-01-27 19:32 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-14 18:35 - 2012-09-29 00:37 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Babi.job
    2012-10-14 18:35 - 2011-05-19 16:31 - 00000306 __ASH C:\Windows\Tasks\YIKOZADEHA.job
    2012-10-14 18:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-14 18:35 - 2009-07-14 05:51 - 00144008 ____A C:\Windows\setupact.log
    2012-10-14 18:14 - 2009-07-14 13:46 - 00698408 ____A C:\Windows\System32\perfh00E.dat
    2012-10-14 18:14 - 2009-07-14 13:46 - 00179166 ____A C:\Windows\System32\perfc00E.dat
    2012-10-14 18:14 - 2009-07-14 06:13 - 01670922 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-14 18:09 - 2009-07-14 06:10 - 01377927 ____A C:\Windows\WindowsUpdate.log
    2012-10-14 00:50 - 2012-09-29 00:37 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Babi.job
    2012-10-14 00:48 - 2012-04-14 07:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-14 00:06 - 2010-01-27 19:32 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-13 23:50 - 2012-09-29 00:37 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Babi.job
    2012-10-13 07:02 - 2009-12-11 18:30 - 00037908 ____A C:\Windows\PFRO.log
    2012-10-12 22:25 - 2009-07-14 06:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-10 22:11 - 2010-01-27 22:05 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-10 17:48 - 2012-04-14 07:19 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-10 17:48 - 2011-05-19 06:48 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-08 19:27 - 2010-01-30 12:51 - 00522421 ____A C:\Windows\DirectX.log
    2012-10-08 19:25 - 2012-10-08 19:25 - 00001434 ____A C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
    2012-10-04 17:21 - 2010-01-28 08:14 - 2308187136 ____A C:\Users\Babi\Documents\backup.pst
    2012-10-04 10:18 - 2012-10-04 10:18 - 00000040 ___SH C:\Users\All Users\.zreglib
    2012-10-01 06:23 - 2011-07-06 22:50 - 00000118 ____A C:\Windows\StarPort.INI
    2012-09-30 10:24 - 2011-12-15 20:26 - 00000786 ____A C:\Users\Public\Desktop\AnyDVD.lnk
    2012-09-22 09:10 - 2012-09-22 09:10 - 00051030 ____A C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt
    2012-09-14 20:19 - 2012-10-10 15:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 19:28 - 2012-10-10 15:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-07 16:04 - 2012-10-12 23:05 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 19:19 - 2012-10-10 15:04 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 19:03 - 2012-10-10 15:04 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 18:12 - 2012-10-10 15:04 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 18:12 - 2012-10-10 15:04 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-26 13:56 - 2012-08-26 13:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
    2012-08-26 13:56 - 2012-08-26 13:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\System32\Drivers\AnyDVD.sys
    2012-08-24 19:05 - 2012-10-10 15:03 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 17:57 - 2012-10-10 15:03 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 12:15 - 2012-09-23 02:00 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 11:39 - 2012-09-23 02:00 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 11:31 - 2012-09-23 02:00 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 11:22 - 2012-09-23 02:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 11:21 - 2012-09-23 02:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 11:20 - 2012-09-23 02:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 11:18 - 2012-09-23 02:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 11:17 - 2012-09-23 02:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 11:14 - 2012-09-23 02:00 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 11:14 - 2012-09-23 02:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 11:13 - 2012-09-23 02:00 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 11:12 - 2012-09-23 02:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 11:11 - 2012-09-23 02:00 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 11:10 - 2012-09-23 02:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 11:09 - 2012-09-23 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 11:04 - 2012-09-23 02:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-24 08:27 - 2012-09-23 02:00 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 08:03 - 2012-09-23 02:00 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 07:59 - 2012-09-23 02:00 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 07:51 - 2012-09-23 02:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 07:51 - 2012-09-23 02:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 07:51 - 2012-09-23 02:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 07:49 - 2012-09-23 02:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 07:48 - 2012-09-23 02:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 07:47 - 2012-09-23 02:00 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 07:47 - 2012-09-23 02:00 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 07:47 - 2012-09-23 02:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 07:45 - 2012-09-23 02:00 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 07:44 - 2012-09-23 02:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 07:44 - 2012-09-23 02:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 07:43 - 2012-09-23 02:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 07:40 - 2012-09-23 02:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 19:12 - 2012-09-12 19:35 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 19:12 - 2012-09-12 19:35 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 19:12 - 2012-09-12 19:35 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 19:12 - 2012-09-12 19:35 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 22:01 - 2012-09-26 13:48 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 19:48 - 2012-10-10 15:03 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 19:48 - 2012-10-10 15:03 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 19:48 - 2012-10-10 15:03 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 19:48 - 2012-10-10 15:03 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 19:48 - 2012-10-10 15:03 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 19:48 - 2012-10-10 15:03 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 19:48 - 2012-10-10 15:03 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 19:46 - 2012-10-10 15:03 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 19:38 - 2012-10-10 15:03 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 18:40 - 2012-10-10 15:03 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 18:38 - 2012-10-10 15:03 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 18:37 - 2012-10-10 15:03 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 18:37 - 2012-10-10 15:03 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 18:37 - 2012-10-10 15:03 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 16:38 - 2012-10-10 15:03 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 16:38 - 2012-10-10 15:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 16:33 - 2012-10-10 15:03 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 16:33 - 2012-10-10 15:03 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 16:33 - 2012-10-10 15:03 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 16:33 - 2012-10-10 15:03 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-19 22:22 - 2009-07-14 05:45 - 02291976 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-11 01:56 - 2012-10-10 15:03 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-11 00:56 - 2012-10-10 15:03 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-02 18:58 - 2012-09-12 19:35 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 17:57 - 2012-09-12 19:35 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-20 23:17 - 2011-05-14 08:18 - 00000344 ____A C:\Windows\lgfwup.ini
    2012-07-18 19:15 - 2012-08-19 20:21 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


    ZeroAccess:
    C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}
    C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4092.36 MB
    Available physical RAM: 3454.84 MB
    Total Pagefile: 4090.5 MB
    Available Pagefile: 3459.7 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:3.03 GB) NTFS
    4 Drive g: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.18 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    A Lemez ### Állapot Méret Szabad Din Gpt
    --------- -------------- -------- --------- --- ---
    Lemez 0 Online 298 GB 0 B
    Lemez 1 Üres 0 B 0 B
    Lemez 2 Online 984 MB 0 B

    Kilépés a DiskPart programból...


    Last Boot: 2012-10-08 07:32

    ==================== End Of Log =============================
  11. vlac112

    vlac112 Newcomer, in training Topic Starter

    Search.txt

    Farbar Recovery Scan Tool (x64) Version: 12-10-2012
    Ran by SYSTEM at 2012-10-14 19:49:39
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
     
  12. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    =================================

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.


  13. vlac112

    vlac112 Newcomer, in training Topic Starter

    Hi Broni,

    here are the logs:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2012
    Ran by SYSTEM at 2012-10-14 20:33:43 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{d1cda5b9-aedb-b369-805d-808993f06024} moved successfully.

    ==== End of Fixlog ====


    ComboFix 12-10-14.03 - Babi 012.10.14. 20:49:24.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1250.36.1038.18.4092.2883 [GMT 2:00]
    Running from: c:\users\Babi\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Személyi tűzfal *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\data.dll
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    c:\windows\security\Database\tmp.edb
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-14 19:00 . 2012-10-14 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-14 18:46 . 2012-10-14 18:46 -------- d-----w- C:\FRST
    2012-10-13 05:50 . 2012-10-13 05:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-12 22:05 . 2012-10-12 22:05 -------- d-----w- c:\users\Babi\AppData\Roaming\Malwarebytes
    2012-10-12 22:05 . 2012-10-12 22:05 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-12 22:05 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-12 22:05 . 2012-10-12 22:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-12 10:06 . 2012-10-12 10:06 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-10-10 16:43 . 2012-10-10 16:43 -------- d-----w- c:\users\Babi\AppData\Roaming\Frogwares
    2012-10-10 14:04 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 14:04 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 14:04 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 14:04 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 14:02 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-09 14:46 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1FF99D6-98C7-4132-8B88-CBCAA651D401}\mpengine.dll
    2012-10-08 18:25 . 2012-10-08 18:25 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-10-08 18:06 . 2012-10-08 18:06 -------- d-----w- c:\program files (x86)\Focus
    2012-09-26 12:48 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-23 10:24 . 1998-01-23 10:22 304128 ----a-w- c:\windows\IsUninst.exe
    2012-09-23 09:51 . 2012-09-23 09:51 -------- d-----w- c:\programdata\Fugazo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 21:11 . 2010-01-27 21:05 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-10 16:48 . 2012-04-14 06:19 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-10 16:48 . 2011-05-19 05:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 20:28 . 2010-02-14 20:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2012-10-09 20:28 . 2010-02-05 18:26 462672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-09-16 19:15 . 2010-01-27 17:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2012-09-16 19:14 . 2010-01-27 17:20 462672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-08-26 12:56 . 2012-08-26 12:56 138400 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
    2012-08-26 12:56 . 2012-08-26 12:56 138400 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2012-08-22 18:12 . 2012-09-12 18:35 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 18:35 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 18:35 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 18:35 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:38 . 2012-10-10 14:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 18:35 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 18:35 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-18 18:15 . 2012-08-19 19:21 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
    "IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-09-19 63856]
    "Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
    "Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
    "SMSTray"="c:\program files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
    "MAAgent"="c:\program files (x86)\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 57344]
    "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-04-02 202256]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-25 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-20 27760]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-01 222504]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    IME File REG_SZ IMSC12.IME
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
    Ime File REG_SZ imjp12.ime
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
    Ime File REG_SZ IMKR12.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/14 09:15;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-25 246256]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1ca9f7d64f5f5ff;Google frissítési szolgáltatás (gupdate1ca9f7d64f5f5ff);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
    R3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 133104]
    R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2010-04-09 18328]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows aktiválási technológiák szolgáltatás;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-16 834544]
    S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-01-12 142848]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-04-15 118888]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
    S2 Windows Trace Session Manager;Windows Trace Session Manager;c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe [2003-09-03 125616]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-05 35104]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 16:48]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 18:20]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 18:20]
    .
    2012-10-13 c:\windows\Tasks\ReclaimerUpdateFiles_Babi.job
    - c:\users\Babi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 20:36]
    .
    2012-10-13 c:\windows\Tasks\ReclaimerUpdateXML_Babi.job
    - c:\users\Babi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 20:36]
    .
    2012-10-14 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Babi.job
    - c:\users\Babi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 20:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 171520]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2011-05-26 119664]
    "Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
    "Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-26 59248]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportálás a Microsoft Excel programba - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Kép küldése &Bluetooth-eszköznek... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Oldal küldése &Bluetooth-eszköznek... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Babi\AppData\Roaming\Mozilla\Firefox\Profiles\jwbzp6i6.default\
    FF - prefs.js: browser.startup.homepage - www.google.hu
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    AddRemove-AnyDVD - h:\blu-ray\Blu-Ray editors\AnyDVD\AnyDVD-uninst.exe
    AddRemove-BDDecrypter_is1 - g:\blu-ray\Blu-Ray editors\BDDecrypter\unins000.exe
    AddRemove-C2674998-8A64-440C-810F-576D782404B3_is1 - g:\blu-ray editors\Blu-ray Ripper\unins000.exe
    AddRemove-DVDFab 8 Qt_is1 - g:\blu-ray editors\DVDFab 8 Qt\unins000.exe
    AddRemove-EasyBD Lite_is1 - g:\blu-ray editors\EasyBD Lite 1.0\unins000.exe
    AddRemove-Film Fatale_is1 - h:\egyéb\Film Fatale\unins000.exe
    AddRemove-ImgBurn - g:\egyéb\Blu-Ray editors\ImgBurn\uninstall.exe
    AddRemove-SubtitleWorkshop - g:\blu-ray\Blu-Ray editors\Subtitle Workshop\uninstall.exe
    AddRemove-{C2674998-8A64-440C-810F-576D782404B3}_is1 - h:\blu-ray\Blu-ray Ripper\unins001.exe
    AddRemove-{FB216244-7728-4D97-893F-84B715E0886B}_is1 - g:\blu-ray ripper\unins000.exe
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Event Sinks]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Event Sources: Request]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Event Sources: Software Element]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-14 21:18:14
    ComboFix-quarantined-files.txt 2012-10-14 19:18
    .
    Pre-Run: 2 742 734 848 bájt szabad
    Post-Run: 2 783 973 376 bájt szabad
    .
    - - End Of File - - 9FE83A5406C27A43AC96574519C65F03
  14. Broni

    Looks good :)

    Any current issues?

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. vlac112

    Good to hear :)

    No, I have no current issues. I have not had any alerts since I started.

    The logs:

    OTL logfile created on: 2012.10.14. 22:57:21 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babi\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

    4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,03% Memory free
    7,99 Gb Paging File | 6,25 Gb Available in Paging File | 78,16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283,40 Gb Total Space | 2,69 Gb Free Space | 0,95% Space Free | Partition Type: NTFS

    Computer Name: BABI-PC | User Name: Babi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.10.14 22:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babi\Desktop\OTL.exe
    PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2010.05.25 03:39:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2010.04.02 07:59:04 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010.01.07 17:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009.07.02 02:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2009.06.25 00:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009.06.19 05:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2007.02.23 17:32:56 | 000,126,976 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe
    PRC - [2007.01.30 21:36:30 | 000,057,344 | ---- | M] ((주)마크애니) -- C:\Program Files (x86)\MarkAny\ContentSafer\MaAgent.exe
    PRC - [2003.09.03 13:57:20 | 000,125,616 | ---- | M] (Microsoft Corporation) -- c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010.04.02 08:00:07 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009.06.19 05:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009.07.02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009.06.25 12:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2012.10.10 18:48:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012.09.10 18:14:35 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010.05.25 10:39:52 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
    SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
    SRV - [2003.09.03 13:57:20 | 000,125,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\program files (x86)\microsoft enterprise instrumentation\bin\trace service\tracesessionmanager.exe -- (Windows Trace Session Manager)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012.08.26 14:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2012.04.30 18:25:10 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2012.04.30 18:25:10 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2012.03.14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2012.03.14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2012.03.14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2012.03.14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2012.03.14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011.06.15 10:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011.04.16 15:57:02 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010.04.09 15:23:28 | 000,018,328 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\inidvd.sys -- (INIDVD)
    DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2010.01.12 16:19:10 | 000,142,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcHlp.sys -- (archlp)
    DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009.08.05 02:28:36 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009.08.05 02:28:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009.08.05 02:28:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009.08.05 02:28:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009.07.17 03:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009.06.25 13:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009.06.15 21:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009.05.08 10:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009.04.15 10:03:40 | 000,118,888 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\StarPortLite.sys -- (StarPortLite)
    DRV:64bit: - [2009.02.05 13:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008.05.02 11:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
    DRV:64bit: - [2008.05.02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
    DRV:64bit: - [2008.05.02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
    DRV:64bit: - [2006.12.26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2012.08.26 14:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2006.12.26 14:54:37 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=hu&l=hu&s=gen
    IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.hu"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.02 08:00:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 18:14:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 07:51:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.07.07 16:45:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 18:14:37 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 07:51:22 | 000,000,000 | ---D | M]

    [2010.05.22 19:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babi\AppData\Roaming\mozilla\Extensions
    [2012.05.02 21:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babi\AppData\Roaming\mozilla\Firefox\Profiles\jwbzp6i6.default\extensions
    [2012.04.26 17:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012.09.10 18:14:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012.04.21 09:53:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011.03.10 18:27:50 | 000,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012.06.23 08:13:59 | 000,000,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-hu.xml
    [2011.03.10 18:27:50 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\polymeta.xml
    [2012.06.23 08:13:59 | 000,001,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\sztaki-en-hu.xml
    [2012.06.23 08:13:59 | 000,000,974 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vatera.xml
    [2012.06.23 08:13:59 | 000,001,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-hu.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com

    O1 HOSTS File: ([2012.10.14 21:00:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IME JPN 2007 Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload File not found
    O4 - HKLM..\Run: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
    O4 - HKLM..\Run: [MAAgent] C:\Program Files (x86)\MarkAny\ContentSafer\MAAgent.exe ((주)마크애니)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL File not found
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Kép küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Oldal küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Kép küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Oldal küldése &Bluetooth-eszköznek... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Küldés Bluetoothra - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Küldés &Bluetooth eszköznek... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF5042B-67E3-4C53-976C-1CA00D73D06E}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\PROGRA~2\MarkAny\CONTEN~1\MACSMA~1.DLL (MarkAny Cooperation.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.10.14 22:56:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Babi\Desktop\OTL.exe
    [2012.10.14 21:20:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012.10.14 21:18:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012.10.14 20:47:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.10.14 20:47:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.10.14 20:47:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.10.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.10.14 20:46:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2012.10.14 20:46:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012.10.13 08:46:28 | 000,000,000 | ---D | C] -- C:\Users\Babi\Desktop\Virusirtas
    [2012.10.13 07:50:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012.10.13 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Babi\AppData\Roaming\Malwarebytes
    [2012.10.13 00:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.10.13 00:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.10.13 00:05:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012.10.13 00:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012.10.12 12:06:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012.10.10 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Babi\AppData\Roaming\Frogwares
    [2012.10.08 20:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012.10.08 20:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
    [2012.10.08 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus
    [2012.10.08 10:22:27 | 000,000,000 | ---D | C] -- C:\Users\Babi\Documents\My Cheat Tables
    [2012.10.08 10:18:45 | 000,000,000 | ---D | C] -- C:\Users\Babi\Documents\FLiNGTrainer
    [2012.09.23 11:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.10.14 23:01:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.10.14 23:01:09 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.10.14 23:00:19 | 001,670,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.10.14 23:00:19 | 000,698,408 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
    [2012.10.14 23:00:19 | 000,667,474 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.10.14 23:00:19 | 000,179,166 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
    [2012.10.14 23:00:19 | 000,127,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.10.14 22:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babi\Desktop\OTL.exe
    [2012.10.14 22:53:31 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.10.14 22:53:28 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Babi.job
    [2012.10.14 22:53:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.10.14 22:53:04 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys
    [2012.10.14 21:06:00 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.10.14 21:00:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.10.14 20:48:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012.10.14 01:50:42 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Babi.job
    [2012.10.14 00:50:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Babi.job
    [2012.10.08 20:25:14 | 000,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
    [2012.10.04 18:21:38 | 2308,187,136 | ---- | M] () -- C:\Users\Babi\Documents\backup.pst
    [2012.10.04 11:18:58 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2012.10.01 07:23:33 | 000,000,118 | ---- | M] () -- C:\Windows\StarPort.INI
    [2012.09.30 11:24:20 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
    [2012.09.22 10:10:30 | 000,051,030 | ---- | M] () -- C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.10.14 20:47:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.10.14 20:47:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.10.14 20:47:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.10.14 20:47:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.10.14 20:47:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.10.08 20:25:14 | 000,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Play The Testament of Sherlock Holmes.lnk
    [2012.10.04 11:18:58 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2012.09.29 01:37:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Babi.job
    [2012.09.29 01:37:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Babi.job
    [2012.09.29 01:37:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Babi.job
    [2012.09.22 10:10:27 | 000,051,030 | ---- | C] () -- C:\Users\Babi\Desktop\My Fair Lady Dvd HunSzink.srt
    [2012.04.26 22:14:14 | 000,007,605 | ---- | C] () -- C:\Users\Babi\AppData\Local\Resmon.ResmonCfg
    [2011.07.30 17:54:57 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
    [2011.07.30 17:54:56 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
    [2011.07.30 17:48:55 | 000,000,147 | ---- | C] () -- C:\Windows\WININIT.INI
    [2011.07.06 23:50:53 | 000,000,118 | ---- | C] () -- C:\Windows\StarPort.INI
    [2011.06.19 20:13:57 | 000,007,892 | ---- | C] () -- C:\Users\Babi\.recently-used.xbel
    [2011.06.11 21:32:20 | 000,000,000 | ---- | C] () -- C:\Users\Babi\AppData\Local\{6D337313-DD5B-4A1A-81A7-EACAF300A956}
    [2011.06.11 20:12:41 | 000,000,092 | ---- | C] () -- C:\Users\Babi\AppData\Local\fusioncache.dat
    [2011.06.11 19:59:46 | 001,646,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.05.22 22:51:41 | 000,004,608 | ---- | C] () -- C:\Users\Babi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.05.15 15:01:36 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011.05.14 09:18:34 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011.01.17 00:04:43 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini

    ========== ZeroAccess Check ==========

    [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011.08.15 17:58:33 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\.dvdcss
    [2012.10.08 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Audacity
    [2011.07.30 16:58:19 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Avid
    [2010.04.24 10:37:45 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\avidemux
    [2011.05.19 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\BDREBUILDER
    [2012.10.12 01:06:24 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\BitTorrent
    [2011.04.16 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\DAEMON Tools Lite
    [2010.01.27 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\DataCast
    [2011.05.22 08:58:28 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\DVDLogic
    [2012.07.07 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\ESET
    [2012.10.10 18:43:33 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Frogwares
    [2012.04.30 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Games
    [2012.08.25 23:04:24 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\GetRight
    [2011.02.03 14:11:14 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\GHISLER
    [2011.05.21 12:27:57 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\gtk-2.0
    [2011.05.15 10:47:03 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\ImgBurn
    [2011.10.01 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\LucasArts
    [2010.08.31 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\MindMapper 2008
    [2010.01.27 18:19:53 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\NCH Swift Sound
    [2012.06.13 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Pavtube
    [2010.12.24 23:11:59 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\PgcEdit
    [2012.09.02 16:47:02 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\ShinyTales
    [2010.09.18 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\SupRip
    [2010.03.23 19:55:05 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\TeamViewer
    [2012.07.07 18:15:19 | 000,000,000 | ---D | M] -- C:\Users\Babi\AppData\Roaming\Tropico 3

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DBC416F8

    < End of report >
  16. vlac112

    vlac112 Newcomer, in training Topic Starter

    OTL Extras logfile created on: 2012.10.14. 22:57:21 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babi\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040e | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

    4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,03% Memory free
    7,99 Gb Paging File | 6,25 Gb Available in Paging File | 78,16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283,40 Gb Total Space | 2,69 Gb Free Space | 0,95% Space Free | Partition Type: NTFS

    Computer Name: BABI-PC | User Name: Babi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
    "{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{63140E2E-FC1B-3F88-8A7C-AC04DB549823}" = Microsoft .NET Framework 4 Client Profile HUN Language Pack
    "{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
    "{90120000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
    "{90120000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
    "{90120000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-040E-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hungarian) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth szoftver
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{C2797F7C-7E62-4421-8889-15C9BCAB9E4E}" = ESET Smart Security
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
    "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
    "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBADEF1E-AFE3-309D-9B42-C030684502C7}" = Microsoft .NET Framework 4 Extended HUN Language Pack
    "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile HUN Language Pack" = A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended HUN Language Pack" = A kiterjesztett Microsoft .NET-keretrendszer 4 HUN nyelvi csomagja
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
    "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
    "{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
    "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{232E984E-F02D-4DAE-80F4-97884EC52F16}" = MindMapper 2008
    "{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
    "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
    "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
    "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
    "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
    "{38A96559-FF39-4089-A609-BFD76C4A6C07}_is1" = The Testament of Sherlock Holmes
    "{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
    "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C1A1D19-9293-499F-A58A-79478BA66A2A}_is1" = Aqualux Deluxe 1.2.0.0
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Föld
    "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
    "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
    "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
    "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
    "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75448837-6222-434C-9204-4D548095232F}_is1" = Restaurant Empire II
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-040E-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hungarian) 2007
    "{90120000-0016-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040E-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hungarian) 2007
    "{90120000-0018-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-040E-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hungarian) 2007
    "{90120000-001A-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040E-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hungarian) 2007
    "{90120000-001B-040E-0000-0000000FF1CE}_STANDARD_{D6F600AB-D132-40CA-B78A-20BE2C83395E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROOFKIT_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2007
    "{90120000-001F-0402-0000-0000000FF1CE}_PROOFKIT_{CB0A77FC-E59E-4418-9C1E-82E486C90EA5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_PROOFKIT_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
    "{90120000-001F-0404-0000-0000000FF1CE}_PROOFKIT_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
    "{90120000-001F-0405-0000-0000000FF1CE}_PROOFKIT_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
    "{90120000-001F-0406-0000-0000000FF1CE}_PROOFKIT_{8F771259-9037-4097-AA88-8613F3BE5627}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROOFKIT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
    "{90120000-001F-0408-0000-0000000FF1CE}_PROOFKIT_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROOFKIT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007
    "{90120000-001F-040B-0000-0000000FF1CE}_PROOFKIT_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROOFKIT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
    "{90120000-001F-040D-0000-0000000FF1CE}_PROOFKIT_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
    "{90120000-001F-040E-0000-0000000FF1CE}_PROOFKIT_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040E-0000-0000000FF1CE}_STANDARD_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROOFKIT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2007
    "{90120000-001F-0411-0000-0000000FF1CE}_PROOFKIT_{8B0BBAAA-BB10-41E1-B27E-24CF08CBB253}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007
    "{90120000-001F-0412-0000-0000000FF1CE}_PROOFKIT_{2E46C2DF-47D7-4737-BA5C-8746DE103FFC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROOFKIT_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
    "{90120000-001F-0414-0000-0000000FF1CE}_PROOFKIT_{F47DC432-9E71-4DC4-A488-9842D767DDDB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
    "{90120000-001F-0415-0000-0000000FF1CE}_PROOFKIT_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_PROOFKIT_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2007
    "{90120000-001F-0418-0000-0000000FF1CE}_PROOFKIT_{0E2DB3D7-94EA-4B12-A9C1-D3C52BDE07D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
    "{90120000-001F-0419-0000-0000000FF1CE}_PROOFKIT_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
    "{90120000-001F-041A-0000-0000000FF1CE}_PROOFKIT_{9DECF714-4963-48E2-924A-B9075485AF6B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
    "{90120000-001F-041B-0000-0000000FF1CE}_PROOFKIT_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007
    "{90120000-001F-041D-0000-0000000FF1CE}_PROOFKIT_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2007
    "{90120000-001F-041E-0000-0000000FF1CE}_PROOFKIT_{E9E01036-7842-437F-B99E-984D738A81DA}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2007
    "{90120000-001F-041F-0000-0000000FF1CE}_PROOFKIT_{6A61C934-56F9-4AC6-A43B-30E3F9D886F5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2007
    "{90120000-001F-0420-0000-0000000FF1CE}_PROOFKIT_{993FF26C-43DC-467C-9ABF-AE9E9829EA20}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
    "{90120000-001F-0422-0000-0000000FF1CE}_PROOFKIT_{E23630A0-8B0D-4145-9CEA-9B4967CDDC0E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
    "{90120000-001F-0424-0000-0000000FF1CE}_PROOFKIT_{8FF4ED5D-9EA1-4EC5-8F10-767E1705310C}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2007
    "{90120000-001F-0425-0000-0000000FF1CE}_PROOFKIT_{4D7B3A39-E637-4B9C-970D-C06AB960EB90}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2007
    "{90120000-001F-0426-0000-0000000FF1CE}_PROOFKIT_{FD888746-EF69-4D85-9E6B-5BDDB45A9E37}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2007
    "{90120000-001F-0427-0000-0000000FF1CE}_PROOFKIT_{C1CD6235-85A4-48EA-9B51-093ADB86C2D2}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_PROOFKIT_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2007
    "{90120000-001F-0439-0000-0000000FF1CE}_PROOFKIT_{4EF953D3-7040-4A7E-B0B3-A33860DE65E5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2007
    "{90120000-001F-0446-0000-0000000FF1CE}_PROOFKIT_{9C98BA5F-7C34-4687-8A26-F233D7E563AD}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2007
    "{90120000-001F-0447-0000-0000000FF1CE}_PROOFKIT_{01C5E251-73B2-4DE0-8C48-78A272DDB6E1}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2007
    "{90120000-001F-0449-0000-0000000FF1CE}_PROOFKIT_{543343AF-DFAD-4281-872A-83A033DBE59C}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2007
    "{90120000-001F-044A-0000-0000000FF1CE}_PROOFKIT_{9718BA87-FBBF-453B-BD3B-43A13C1D7CCF}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2007
    "{90120000-001F-044B-0000-0000000FF1CE}_PROOFKIT_{7DA86C45-3502-4C82-AF29-202C7B0382B5}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2007
    "{90120000-001F-044E-0000-0000000FF1CE}_PROOFKIT_{92CCDCF1-46B6-4042-ACC0-9269D5317E48}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_PROOFKIT_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
    "{90120000-001F-0804-0000-0000000FF1CE}_PROOFKIT_{0454BB31-DAD9-400F-9E06-45B36D4BA53B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
    "{90120000-001F-0814-0000-0000000FF1CE}_PROOFKIT_{67BED6C1-5AE1-45CD-8060-BFFD37ED0DDD}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
    "{90120000-001F-0816-0000-0000000FF1CE}_PROOFKIT_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2007
    "{90120000-001F-081A-0000-0000000FF1CE}_PROOFKIT_{82FEB6ED-595A-4873-BD85-0578E83B90BB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROOFKIT_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-040E-0000-0000000FF1CE}" = Kompatibilitási csomag a 2007-es Office rendszerhez
    "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
    "{90120000-0028-0404-0000-0000000FF1CE}_PROOFKIT_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0404-1000-0000000FF1CE}_PROOFKIT_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2007
    "{90120000-0028-0411-0000-0000000FF1CE}_PROOFKIT_{277B1BCF-97A7-40F2-87A5-3CACB0E9714B}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0411-1000-0000000FF1CE}_PROOFKIT_{8A3FCBEB-9029-40E2-8799-2299CBBEF4D8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
    "{90120000-0028-0412-0000-0000000FF1CE}_PROOFKIT_{12D06165-60AA-4402-9834-B5F37221001D}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0412-1000-0000000FF1CE}_PROOFKIT_{198C790E-501A-4968-9091-95D84DCA4FD6}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
    "{90120000-0028-0804-0000-0000000FF1CE}_PROOFKIT_{803AB362-E418-4474-84E6-8ABFAF8D3A1E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0804-1000-0000000FF1CE}_PROOFKIT_{2F660432-0FA3-458E-86AB-4880366640B8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-040E-1000-0000000FF1CE}_STANDARD_{1E71F4A2-F832-4B10-8CA5-2B49A20AAD87}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-040E-0000-0000000FF1CE}" = Microsoft Office Proofing (Hungarian) 2007
    "{90120000-0048-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2007
    "{90120000-006E-040E-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hungarian) 2007
    "{90120000-006E-040E-0000-0000000FF1CE}_STANDARD_{1E71F4A2-F832-4B10-8CA5-2B49A20AAD87}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0103-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2007
    "{95120000-00AF-040E-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Hungarian)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E8A483C-BE5B-4EDC-B649-63E0A47FB779}" = Enterprise Instrumentation
    "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1038-7B44-A95000000001}" = Adobe Reader 9.5.1 - Hungarian
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
    "{B6AA470F-73AE-4C11-8615-5F9DDFD406AA}" = CrystalSetup
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio
    "{C2674998-8A64-440C-810F-576D782404B3}_is1" = Pavtube Blu-ray Ripper Ver 4.1.1.3857
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C7F2F1C7-4AFB-4025-8CE2-848CEF731B88}" = Microsoft Works
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
    "{E19B66BB-29E9-4853-9916-3C368D3B40B5}" = BDCMF Creator Ver1.2.4b
    "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
    "{FB216244-7728-4D97-893F-84B715E0886B}_is1" = Pavtube Blu-Ray Ripper version 3.6.2.2053
    "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AnyDVD" = AnyDVD
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "AviSynth" = AviSynth 2.5
    "BDDecrypter_is1" = Version 6.0 (Build 20091202)
    "BitTorrent" = BitTorrent
    "C2674998-8A64-440C-810F-576D782404B3_is1" = Pavtube Blu-ray Ripper Ver 3.11.2.925
    "CDex" = CDex extraction audio
    "CloneCD" = CloneCD
    "Dell Webcam Central" = Dell Webcam Central
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "DVDFab 8 Qt_is1" = DVDFab 8.0.9.2 (12/05/2011) Qt
    "EasyBD Lite_is1" = EasyBD Lite 1.0
    "ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
    "FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
    "Film Fatale_is1" = Film Fatale
    "Google Chrome" = Google Chrome
    "HaaliMkx" = Haali Media Splitter
    "Heroes of Might and Magic IV" = Heroes of Might and Magic® IV: Winds of War
    "Heroes of Might and Magic® IV" = Heroes of Might and Magic® IV
    "ImageMagick 6.2.2 Q8_is1" = ImageMagick 6.2.2-4 Q8 (05/14/05)
    "ImgBurn" = ImgBurn
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 1.65.0.1400 verzió
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Visual J# .NET Redistributable Package 1.1 (1033)" = Microsoft Visual J# .NET Redistributable Package 1.1
    "MISEC" = Monkey Island™ Special Edition Collection
    "Mozilla Firefox 15.0.1 (x86 hu)" = Mozilla Firefox 15.0.1 (x86 hu)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "PROOFKIT" = Microsoft Office Proofing Tools Kit 2007
    "RealPlayer 12.0" = RealPlayer
    "STANDARD" = Microsoft Office Standard 2007
    "SubtitleWorkshop" = Subtitle Workshop 2.51
    "TeamViewer 5" = TeamViewer 5
    "Totalcmd" = Total Commander (Remove or Repair)
    "Tropico3" = Tropico 3 1.00
    "VLC media player" = VLC media player 1.1.1
    "WavePad" = WavePad Sound Editor
    "WinRAR archiver" = WinRAR archiver
    "XviD_is1" = XviD MPEG-4 Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2094679090-2261037132-3170482699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2012.10.03. 14:17:58 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: audacity.exe, verzió: 1.3.13.0, időbélyeg:
    0x4d9cdea9 A hibát okozó modul neve: ntdll.dll, verzió: 6.1.7601.17725, időbélyeg:
    0x4ec49b8f Kivételkód: 0xc0000005 Hiba pozíciója: 0x0002e41b A hibát okozó folyamat
    azonosítója: 0x1334 A hibát okozó alkalmazás indításának időpontja: 0x01cda1936758dd36
    A
    hibát okozó alkalmazás elérési útja: C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\audacity.exe
    A
    hibát okozó modul elérési útja: C:\Windows\SysWOW64\ntdll.dll Jelentés azonosítója:
    a858a2a4-0d86-11e2-96e3-0025647ff5b4

    Error - 2012.10.10. 13:41:24 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000005 Hiba pozíciója: 0xf8ad6384 A hibát okozó folyamat azonosítója: 0x1718 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda706626f03e9 A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: b55fa50d-1301-11e2-b8ee-0025647ff5b4

    Error - 2012.10.10. 14:08:45 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000005 Hiba pozíciója: 0xf81d6396 A hibát okozó folyamat azonosítója: 0x1748 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda70e81624b65 A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: 877b740f-1305-11e2-b8ee-0025647ff5b4

    Error - 2012.10.10. 15:12:57 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000096 Hiba pozíciója: 0x20b5979a A hibát okozó folyamat azonosítója: 0x9c0 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda717abe8e9f1 A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: 7f96eb25-130e-11e2-b8ee-0025647ff5b4

    Error - 2012.10.10. 15:12:57 | Computer Name = Babi-PC | Source = Application Error | ID = 1005
    Description = A Windows a következő okok valamelyike miatt nem tudja elérni a(z)
    fájlt: meghibásodott a hálózati kapcsolat, a fájlt tároló lemez vagy a számítógépen
    telepített tárolóeszköz-illesztőprogram; vagy hiányzik a lemez. A hiba miatt a Windows
    bezárta a(z) game.exe programot. Program: game.exe Fájl: A hibaérték a További adatok
    című szakaszban található. FelhasználóI művelet 1. Nyissa meg újra a fájlt. Lehetséges,
    hogy átmeneti probléma lépett fel, amely a program ismételt futtatásával megszűnik.
    2.
    Ha
    a fájl továbbra sem érhető el és - a hálózaton található, akkor a hálózati rendszergazdának
    ellenőriznie kell, hogy nem lépett-e fel hálózati probléma, és a kiszolgáló elérhető-e.
    -
    Ha cserélhető lemezen található, például hajlékonylemezen vagy CD-ROM-on, ellenőrizze,
    hogy a lemez megfelelően van-e behelyezve a számítógépbe. 3. A CHKDSK futtatásával
    ellenőrizze a fájlrendszert, és javítsa a hibáit. A CHKDSK program futtatásához
    kattintson a Start gombra, kattintson a Futtatás parancsra, írja be a CMD parancsot,
    majd kattintson az OK gombra. A parancssorba írja be a CHKDSK /F parancsot, majd
    nyomja le az ENTER billentyűt. 4. Ha a probléma továbbra is fennáll, állítsa helyre
    egy mentésből a fájlrendszert. 5. Vizsgálja meg, hogy ugyanazon a lemezen lévő más
    fájlokat meg lehet-e nyitni. Ha nem, akkor valószínűleg megsérült a lemez. Ha merevlemezről
    van szó, további segítségért forduljon a rendszergazdához vagy a számítógép forgalmazójához.

    További
    adatok Hibaérték: 00000000 Lemeztípus: 0

    Error - 2012.10.10. 17:03:15 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000096 Hiba pozíciója: 0x1875abf4 A hibát okozó folyamat azonosítója: 0xc80 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda7292f6e7162 A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: e8178565-131d-11e2-b8ee-0025647ff5b4

    Error - 2012.10.10. 17:03:15 | Computer Name = Babi-PC | Source = Application Error | ID = 1005
    Description = A Windows a következő okok valamelyike miatt nem tudja elérni a(z)
    fájlt: meghibásodott a hálózati kapcsolat, a fájlt tároló lemez vagy a számítógépen
    telepített tárolóeszköz-illesztőprogram; vagy hiányzik a lemez. A hiba miatt a Windows
    bezárta a(z) game.exe programot. Program: game.exe Fájl: A hibaérték a További adatok
    című szakaszban található. FelhasználóI művelet 1. Nyissa meg újra a fájlt. Lehetséges,
    hogy átmeneti probléma lépett fel, amely a program ismételt futtatásával megszűnik.
    2.
    Ha
    a fájl továbbra sem érhető el és - a hálózaton található, akkor a hálózati rendszergazdának
    ellenőriznie kell, hogy nem lépett-e fel hálózati probléma, és a kiszolgáló elérhető-e.
    -
    Ha cserélhető lemezen található, például hajlékonylemezen vagy CD-ROM-on, ellenőrizze,
    hogy a lemez megfelelően van-e behelyezve a számítógépbe. 3. A CHKDSK futtatásával
    ellenőrizze a fájlrendszert, és javítsa a hibáit. A CHKDSK program futtatásához
    kattintson a Start gombra, kattintson a Futtatás parancsra, írja be a CMD parancsot,
    majd kattintson az OK gombra. A parancssorba írja be a CHKDSK /F parancsot, majd
    nyomja le az ENTER billentyűt. 4. Ha a probléma továbbra is fennáll, állítsa helyre
    egy mentésből a fájlrendszert. 5. Vizsgálja meg, hogy ugyanazon a lemezen lévő más
    fájlokat meg lehet-e nyitni. Ha nem, akkor valószínűleg megsérült a lemez. Ha merevlemezről
    van szó, további segítségért forduljon a rendszergazdához vagy a számítógép forgalmazójához.

    További
    adatok Hibaérték: 00000000 Lemeztípus: 0

    Error - 2012.10.10. 17:20:01 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000005 Hiba pozíciója: 0x44559d05 A hibát okozó folyamat azonosítója: 0xf24 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda72cd726a12d A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: 3fa29336-1320-11e2-a49c-0025647ff5b4

    Error - 2012.10.11. 16:39:58 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000005 Hiba pozíciója: 0x1a556dff A hibát okozó folyamat azonosítója: 0xbe0 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda7f069c3cdd6 A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: d1f572f1-13e3-11e2-99fa-904ce5f3d92a

    Error - 2012.10.11. 16:40:44 | Computer Name = Babi-PC | Source = Application Error | ID = 1000
    Description = A hibát okozó alkalmazás neve: game.exe, verzió: 0.0.0.0, időbélyeg:
    0x5052114a A hibát okozó modul neve: unknown, verzió: 0.0.0.0, időbélyeg: 0x00000000
    Kivételkód:
    0xc0000005 Hiba pozíciója: 0x991e0808 A hibát okozó folyamat azonosítója: 0xa74 A
    hibát okozó alkalmazás indításának időpontja: 0x01cda7f0969d38df A hibát okozó alkalmazás
    elérési útja: C:\Program Files (x86)\Focus\Frogwares\The Testament of Sherlock
    Holmes\game.exe A hibát okozó modul elérési útja: unknown Jelentés azonosítója: ed4e61d8-13e3-11e2-99fa-904ce5f3d92a

    [ Media Center Events ]
    Error - 2012.10.13. 16:51:11 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 22:51:11 - Hiba történt az internethez való kapcsolódás közben. 22:51:11
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 16:51:21 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 22:51:16 - Hiba történt az internethez való kapcsolódás közben. 22:51:16
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 17:51:26 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 23:51:26 - Hiba történt az internethez való kapcsolódás közben. 23:51:26
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 17:51:32 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 23:51:31 - Hiba történt az internethez való kapcsolódás közben. 23:51:31
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 18:51:37 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 0:51:37 - Hiba történt az internethez való kapcsolódás közben. 0:51:37
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 18:51:43 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 0:51:42 - Hiba történt az internethez való kapcsolódás közben. 0:51:42
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 19:51:48 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 1:51:48 - Hiba történt az internethez való kapcsolódás közben. 1:51:48
    - A kiszolgáló nem érhető el..

    Error - 2012.10.13. 19:51:55 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 1:51:53 - Hiba történt az internethez való kapcsolódás közben. 1:51:53
    - A kiszolgáló nem érhető el..

    Error - 2012.10.14. 14:51:12 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 20:51:12 - Hiba történt az internethez való kapcsolódás közben. 20:51:12
    - A kiszolgáló nem érhető el..

    Error - 2012.10.14. 14:52:27 | Computer Name = Babi-PC | Source = MCUpdate | ID = 0
    Description = 20:51:17 - Hiba történt az internethez való kapcsolódás közben. 20:51:17
    - A kiszolgáló nem érhető el..

    [ OSession Events ]
    Error - 2010.04.01. 14:31:27 | Computer Name = Babi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2256
    seconds with 1620 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2012.10.14. 13:18:41 | Computer Name = Babi-PC | Source = Disk | ID = 262155
    Description = Az illesztőprogram vezérlési hibát talált a következőn: \Device\Harddisk1\DR1.

    Error - 2012.10.14. 13:31:29 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7009
    Description = Letelt egy időkorlát (30000 ms) a(z) Windows Trace Session Manager
    szolgáltatás kapcsolódására való várakozás közben.

    Error - 2012.10.14. 13:31:29 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7000
    Description = A szolgáltatás (Windows Trace Session Manager) a következő hiba következtében
    leállt: %%1053

    Error - 2012.10.14. 13:38:35 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
    Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

    Error - 2012.10.14. 13:57:55 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
    Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

    Error - 2012.10.14. 14:36:53 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
    Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

    Error - 2012.10.14. 14:44:34 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7023
    Description = A szolgáltatás (Windows Defender) leállt a következő hibával: %%126

    Error - 2012.10.14. 14:53:15 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7030
    Description = A(z) PEVSystemStart szolgáltatás interaktív szolgáltatásként van megjelölve.
    A rendszer azonban úgy van beállítva, hogy az interaktív szolgáltatások nem futhatnak.
    Ez a szolgáltatás valószínűleg nem működik megfelelően.

    Error - 2012.10.14. 14:56:44 | Computer Name = Babi-PC | Source = Application Popup | ID = 1060
    Description = A(z) \??\C:\ComboFix\catchme.sys betöltését a rendszer blokkolta,
    mert nem kompatibilis a rendszerrel. Lépjen kapcsolatba a szoftver szállítójával
    az illesztőprogram kompatibilis verziójának beszerzéséért.

    Error - 2012.10.14. 15:01:01 | Computer Name = Babi-PC | Source = Service Control Manager | ID = 7030
    Description = A(z) PEVSystemStart szolgáltatás interaktív szolgáltatásként van megjelölve.
    A rendszer azonban úgy van beállítva, hogy az interaktív szolgáltatások nem futhatnak.
    Ez a szolgáltatás valószínűleg nem működik megfelelően.


    < End of report >
  17. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O8:64bit: - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportálás a Microsoft Excel programba - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
      [2012.10.14 20:46:30 | 000,000,000 | ---D | C] -- C:\FRST
      [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DBC416F8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
  18. vlac112

    vlac112 Newcomer, in training Topic Starter

    Hi Broni,

    I've done the checks, here are the logs:

    OTL:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportálás a Microsoft Excel programba\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportálás a Microsoft Excel programba\ not found.
    C:\FRST\Quarantine\{d1cda5b9-aedb-b369-805d-808993f06024}\U folder moved successfully.
    C:\FRST\Quarantine\{d1cda5b9-aedb-b369-805d-808993f06024} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\Temp:DBC416F8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Babi
    ->Temp folder emptied: 2468 bytes
    ->Temporary Internet Files folder emptied: 1569073891 bytes
    ->Java cache emptied: 28029715 bytes
    ->FireFox cache emptied: 441411729 bytes
    ->Google Chrome cache emptied: 6138516 bytes
    ->Flash cache emptied: 3309 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1533399 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 26024426 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50517 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1 976,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Babi
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Babi
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10152012_001225

    Files\Folders moved on Reboot...
    C:\Users\Babi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...






    Security Check:

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    ESET Smart Security 5.2
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware 1.65.0.1400 verzió
    Java(TM) 6 Update 17
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
  19. vlac112

    vlac112 Newcomer, in training Topic Starter

    FSS:

    Farbar Service Scanner Version: 07-10-2012
    Ran by Babi (administrator) on 15-10-2012 at 00:21:31
    Running from "C:\Users\Babi\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-10-10 16:03] - [2012-06-02 07:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****



    AdwCleaner:

    # AdwCleaner v2.005 - Logfile created 10/15/2012 at 00:23:01
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Babi - BABI-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Babi\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (hu)

    Profile name : default
    File : C:\Users\Babi\AppData\Roaming\Mozilla\Firefox\Profiles\jwbzp6i6.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Babi\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1358 octets] - [15/10/2012 00:23:01]

    ########## EOF - C:\AdwCleaner[S1].txt - [1418 octets] ##########


    TFC run without any problems.


    F-Secure Online Scanner:

    Scanning Report

    Monday, October 15, 2012 07:57:44 - 08:01:50

    Computer name: BABI-PC
    Scanning type: Quick scan
    Target: System
    No malware found

    Statistics

    Scanned:
    • Files: 6356
    • System: 6356
    • Not scanned: 0
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Options

    Scanning engines:
  20. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ============================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
  21. vlac112

    vlac112 Newcomer, in training Topic Starter

    Hi Broni,

    thank you very much for your help and the good hints, how to avoid it from happening again.

    I've done the fix and the cleanup (the log was unfortunately deleted by the cleanup), and everything was all right.

    Thanks again,
    vlac112
  22. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Way to go!!
    Good luck and stay safe :)

