How to remove Win32/Olmarik.TDL4 trojan horse [Solved]



#1
sa6370
Member
Hi everyone, today I infected my PC with the Win32/Olmarik.TDL4 trojan. My NOD32 found it immediately but can't delete it; I tried TDSSKiller but there was no result (I don't delete it). I'm worried about all my information on the computer like photos, music, etc.


#2
Essexboy
GeekU Moderator
Hi, could you post the TDSSKiller log please, and run the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
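The OTL report the moderator asks for is a plain-text listing, and the lines a helper reads first in a case like this are the autorun entries, the Internet Explorer proxy settings and the browser search configuration. As an added example (not from Essexboy's post, the OTL tool or anyone in this thread), the Python script below walks OTL-style report lines and flags: O4 Run entries whose target file is missing or sits in a user-writable folder such as ProgramData, AppData or Temp; an IE ProxyServer value set in the registry; URLSearchHook entries with no CLSID behind them; and Firefox search settings pointed away from the stock engines. The sample lines, paths, SIDs, the GUID and the 203.0.113.5 address are constructed placeholders, not values taken from the log posted in this thread.

```python
"""Triage helper for OTL-style report lines (added example; not part of OTL)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed sample lines in the OTL report format. SIDs, GUID, names, paths
# and the 203.0.113.5 address are made-up placeholders, not values from a real log.
SAMPLE_LOG_LINES = [
    r'IE - HKU\S-1-5-21-100\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKU\S-1-5-21-100\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 203.0.113.5:8080',
    r'IE - HKU\S-1-5-21-100\..\URLSearchHook: {11111111-2222-3333-4444-555555555555} - No CLSID value found',
    r'FF - prefs.js..browser.search.defaultenginename: "Search Results"',
    r'FF - prefs.js..keyword.URL: "http://search.example.invalid/?q="',
    r'O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)',
    r'O4 - HKLM..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" File not found',
    r'O4 - HKU\S-1-5-21-100..\Run: [QzX9kPl2Wq.exe] C:\ProgramData\QzX9kPl2Wq.exe File not found',
    r'O4 - HKU\S-1-5-21-100..\Run: [Updater] C:\Users\User\AppData\Local\Temp\upd.exe ()',
]


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str      # short rule id explaining why the line was flagged
    line: str      # the report line that triggered the rule


# Folders an ordinary installer rarely uses for an autorun target but that are
# writable by a normal user, so a payload can be dropped there without elevation.
USER_WRITABLE = re.compile(r'\\(ProgramData|AppData|Temp|Users\\[^\\]+\\Desktop)\\', re.IGNORECASE)

# O4 lines: "O4 - <hive>..\Run: [<value name>] <target> (<company>)" or "... File not found"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$')
IE_PROXY_RE = re.compile(r'^IE - .*"ProxyServer" = (?P<proxy>\S+)')
URLHOOK_RE = re.compile(r'^IE - .*URLSearchHook: .* - No CLSID value found')
FF_SEARCH_RE = re.compile(
    r'^FF - prefs\.js\.\.(browser\.search\.defaultenginename|keyword\.URL): "(?P<value>[^"]*)"')

# Engine names Firefox ships with; anything else in defaultenginename deserves a look.
FF_EXPECTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo", "Wikipedia (en)"}


def check_line(line: str) -> List[Finding]:
    """Apply the triage rules to one OTL report line."""
    out: List[Finding] = []
    m = O4_RE.match(line)
    if m:
        target = m.group("target")
        missing = target.endswith("File not found")
        writable = bool(USER_WRITABLE.search(target))
        if missing and writable:
            # An autorun pointing at a now-deleted file in a drop folder is the
            # classic leftover of a payload that was removed (or moved) by AV.
            out.append(Finding("high", "orphaned-autorun-user-writable", line))
        elif missing:
            out.append(Finding("info", "orphaned-autorun", line))
        elif writable:
            out.append(Finding("medium", "autorun-from-user-writable-path", line))
        return out
    if IE_PROXY_RE.match(line):
        # A proxy set per user in the registry should be confirmed as expected,
        # whether or not ProxyEnable is currently 1.
        out.append(Finding("medium", "ie-proxy-configured", line))
        return out
    if URLHOOK_RE.match(line):
        out.append(Finding("medium", "orphaned-urlsearchhook", line))
        return out
    m = FF_SEARCH_RE.match(line)
    if m:
        key, value = m.group(1), m.group("value")
        # keyword.URL redirects every address-bar search; a non-stock default
        # engine name is the usual sign of a search hijacker.
        if key == "keyword.URL" or value not in FF_EXPECTED_ENGINES:
            out.append(Finding("medium", "firefox-search-redirect", line))
    return out


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every line through the rules and order findings by severity."""
    findings = [f for line in lines for f in check_line(line.rstrip("\r\n"))]
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"[{f.severity:6}] {f.rule:34} {f.line}")
    print(summarize(triage(SAMPLE_LOG_LINES)))
```

Run it against a saved OTL.Txt with `triage(open("OTL.Txt", encoding="utf-8", errors="replace"))`. The rules are deliberately coarse: they surface lines for a human to read, and a hit means "confirm this is expected", not "this is malware"; a missing `Language.exe` from an uninstalled DVD player, for instance, is reported only as `info`.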

#3
sa6370
Member (Topic Starter)
OTL.txt

OTL logfile created on: 17.7.2012 г. 23:25:35 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Hristo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

2,97 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,59% Memory free
6,14 Gb Paging File | 5,20 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 2,06 Gb Free Space | 3,51% Space Free | Partition Type: NTFS
Drive D: | 174,29 Gb Total Space | 37,29 Gb Free Space | 21,40% Space Free | Partition Type: NTFS

Computer Name: SA6370 | User Name: Hristo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.17 23:24:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hristo\Desktop\OTL.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.17 10:45:20 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009.10.26 16:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.04.11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.07 19:31:46 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.02.15 12:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.10 19:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2006.11.02 10:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 13:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 10:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.02.20 15:20:15 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.10.20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012.07.12 17:54:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.18 13:45:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.17 10:45:20 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2008.01.21 05:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.10 19:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mdmuwm.sys -- (MdmUWm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys -- (lvupdtio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GdmFilt.sys -- (GdmFilt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\ArcSec.sys -- (ArcSec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hristo\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2012.02.23 22:55:03 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2011.07.27 21:15:18 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.11.22 07:36:50 | 001,085,280 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010.02.05 06:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.10.26 17:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.05 16:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.09 20:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.01.19 18:19:12 | 001,324,544 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2007.01.19 09:19:00 | 004,453,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.16 04:35:18 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006.12.14 10:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.14 19:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 14:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.08.30 04:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 A9 86 42 C0 82 CC 01 [binary data]
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.90.223.31:8088

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hristo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 10:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.07.17 19:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:46:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 10:44:07 | 000,000,000 | ---D | M]

[2011.12.16 12:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hristo\AppData\Roaming\mozilla\Extensions
[2012.07.13 12:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hristo\AppData\Roaming\mozilla\Firefox\Profiles\6342o989.default\extensions
[2011.04.22 23:25:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hristo\AppData\Roaming\mozilla\Firefox\Profiles\6342o989.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.15 22:06:04 | 000,002,497 | ---- | M] () -- C:\Users\Hristo\AppData\Roaming\Mozilla\Firefox\Profiles\6342o989.default\searchplugins\SearchResults.xml
[2012.06.14 11:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.18 13:46:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.08 13:46:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 13:45:55 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml
[2012.06.18 13:45:55 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml
[2012.06.18 13:45:55 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml
[2012.06.18 13:45:55 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml
[2011.12.15 22:06:04 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.18 13:45:55 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2006.09.19 00:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [Facebook Update] C:\Users\Hristo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [JDKAIWSysNyuNTd.exe] C:\ProgramData\JDKAIWSysNyuNTd.exe File not found
O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [QW6lqgoEcI76Mv] C:\ProgramData\QW6lqgoEcI76Mv.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B54056-5327-46A9-A6ED-3E259FB9C2E0}: DhcpNameServer = 10.250.238.3 10.250.238.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E213194-BB30-4E0E-BB8C-DAEAD29EDC51}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1233FB-4667-4026-9322-62B76DCE6D6A}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hristo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hristo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35763b20-a3fe-11e0-b451-001bfc13e40f}\Shell - "" = AutoRun
O33 - MountPoints2\{35763b20-a3fe-11e0-b451-001bfc13e40f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{f84e14ef-c5aa-11e1-9728-001bfc13e40f}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{f84e14ef-c5aa-11e1-9728-001bfc13e40f}\Shell\WiMAX\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 23:24:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hristo\Desktop\OTL.exe
[2012.07.17 22:07:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.07.17 21:59:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012.07.17 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\Hristo\Desktop\New Folder
[2012.07.17 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.07.17 19:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.17 14:16:51 | 000,000,000 | ---D | C] -- C:\Users\Hristo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.07.12 13:15:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 13:12:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 13:12:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 13:11:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 13:11:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 13:11:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 13:11:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 13:11:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:06:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.04 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Hristo\AppData\Roaming\MODACOM
[2012.06.23 21:57:41 | 000,000,000 | ---D | C] -- C:\Users\Hristo\Desktop\drehi
[2012.06.22 15:41:48 | 000,000,000 | -H-D | C] -- C:\Users\Hristo\AppData\Local\Macromedia
[2012.06.19 11:10:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.19 11:10:33 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.19 11:09:47 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.19 11:09:47 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.19 11:09:47 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.19 11:09:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.19 11:09:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.18 14:33:51 | 000,000,000 | -H-D | C] -- C:\Users\Hristo\AppData\Local\CRE
[2012.06.18 14:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.06.18 14:32:27 | 000,000,000 | ---D | C] -- C:\Users\Hristo\AppData\Roaming\uTorrent

========== Files - Modified Within 30 Days ==========

[2012.07.17 23:31:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 23:24:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hristo\Desktop\OTL.exe
[2012.07.17 22:54:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 22:50:12 | 000,013,072 | ---- | M] () -- C:\Users\Hristo\AppData\Roaming\nvModes.001
[2012.07.17 22:49:12 | 000,013,072 | ---- | M] () -- C:\Users\Hristo\AppData\Roaming\nvModes.dat
[2012.07.17 22:48:56 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2012.07.17 22:48:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 22:48:47 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 22:48:47 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 22:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 22:48:36 | 3186,876,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 22:47:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.17 21:25:14 | 368,868,488 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.17 20:51:06 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000UA.job
[2012.07.17 19:14:28 | 000,186,880 | -H-- | M] () -- C:\Users\Hristo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.17 18:53:53 | 000,009,203 | -HS- | M] () -- C:\Users\Hristo\Desktop\Folder.jpg
[2012.07.17 18:53:53 | 000,002,382 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArtSmall.jpg
[2012.07.17 18:14:29 | 000,008,591 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Large.jpg
[2012.07.17 18:14:29 | 000,002,412 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Small.jpg
[2012.07.17 14:24:17 | 000,001,356 | ---- | M] () -- C:\Users\Hristo\AppData\Local\d3d9caps.dat
[2012.07.16 23:51:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000Core.job
[2012.07.13 12:09:53 | 001,710,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 17:54:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 17:54:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.04 15:26:44 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 15:26:44 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.01 13:04:53 | 000,008,370 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Large.jpg
[2012.07.01 13:04:53 | 000,002,262 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Small.jpg
[2012.07.01 13:04:28 | 000,012,522 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Large.jpg
[2012.07.01 13:04:28 | 000,002,903 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Small.jpg
[2012.07.01 13:01:40 | 000,008,015 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Large.jpg
[2012.07.01 13:01:21 | 000,002,342 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Small.jpg

========== Files Created - No Company Name ==========

[2012.07.17 23:06:52 | 000,164,570 | ---- | C] () -- C:\Users\Hristo\Desktop\m3 wide.jpg
[2012.07.17 23:06:52 | 000,071,247 | ---- | C] () -- C:\Users\Hristo\Desktop\introduction.jpg
[2012.07.17 21:54:50 | 3186,876,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.17 21:25:14 | 368,868,488 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.17 18:03:34 | 000,008,591 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Large.jpg
[2012.07.17 18:03:34 | 000,002,412 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Small.jpg
[2012.07.17 17:28:24 | 000,001,974 | ---- | C] () -- C:\Users\Hristo\Desktop\Lightroom.lnk
[2012.07.01 13:04:53 | 000,008,370 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Large.jpg
[2012.07.01 13:04:53 | 000,002,262 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Small.jpg
[2012.07.01 13:04:28 | 000,012,522 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Large.jpg
[2012.07.01 13:04:28 | 000,002,903 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Small.jpg
[2012.07.01 13:02:16 | 000,008,015 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Large.jpg
[2012.07.01 13:02:16 | 000,002,342 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Small.jpg
[2012.06.24 01:01:48 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000UA.job
[2012.06.24 01:01:48 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000Core.job
[2012.02.23 22:55:12 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.02.23 22:55:03 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011.07.27 21:17:39 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2011.07.27 21:16:46 | 000,000,021 | ---- | C] () -- C:\Windows\etkinst.ini
[2011.04.15 18:08:23 | 000,462,848 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.04.15 18:02:54 | 000,006,592 | ---- | C] () -- C:\Windows\gwpreset.ini
[2011.04.15 18:02:54 | 000,000,978 | ---- | C] () -- C:\Windows\goldwave.ini
[2011.02.20 21:44:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.02.20 21:31:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.02.20 21:31:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.20 21:31:24 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.20 21:31:23 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.20 21:31:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.20 21:05:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 20:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.20 20:20:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.02.20 16:13:12 | 000,186,880 | -H-- | C] () -- C:\Users\Hristo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.04 18:06:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.04 18:03:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.02.04 16:48:54 | 000,013,072 | ---- | C] () -- C:\Users\Hristo\AppData\Roaming\nvModes.001
[2011.02.04 16:48:51 | 000,013,072 | ---- | C] () -- C:\Users\Hristo\AppData\Roaming\nvModes.dat
[2011.02.04 14:58:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.04 10:46:58 | 000,061,440 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011.02.04 10:28:10 | 000,001,356 | ---- | C] () -- C:\Users\Hristo\AppData\Local\d3d9caps.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008.10.29 09:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 09:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 06:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 05:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 05:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006.09.19 00:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006.09.19 00:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2012.04.04 08:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011.06.06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008.01.21 05:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 09:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 09:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006.11.02 15:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006.11.02 15:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008.01.21 05:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008.01.21 05:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006.09.19 00:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006.09.19 00:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006.09.19 00:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006.11.02 15:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006.09.19 00:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006.11.02 15:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006.09.19 00:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008.01.21 05:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 05:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 05:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 05:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 09:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 09:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 05:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 4
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = fe80::35d2:aa75:5727:6871%11;fe80::2c03:12af:f5ff:fffd%12;10.0.0.2;2001:0:4137:9e76:2c03:12af:f5ff:fffd;
"LastDetectUrl" =

< End of report >

#4
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
Extras.txt

OTL Extras logfile created on: 17.7.2012 г. 23:25:35 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Hristo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

2,97 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,59% Memory free
6,14 Gb Paging File | 5,20 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 2,06 Gb Free Space | 3,51% Space Free | Partition Type: NTFS
Drive D: | 174,29 Gb Total Space | 37,29 Gb Free Space | 21,40% Space Free | Partition Type: NTFS

Computer Name: SA6370 | User Name: Hristo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3667473730-442675740-1800506625-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1494F5E0-17E9-40CA-8D87-1B49E13B4859}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D0E6B18-485A-4B09-99A5-D3FE1F8E8C09}" = lport=137 | protocol=17 | dir=in | app=system |
"{52D9EA56-7C79-4DF2-B82A-EE938FCDB461}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57B6AF00-D943-46C6-A170-D6CCEDF5AAA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6ABB5D8E-2513-4242-8794-4587C23CF1AA}" = lport=445 | protocol=6 | dir=in | app=system |
"{714E97FF-9A90-410C-A7AE-077297CD4DF9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{746C9695-3320-42FA-8343-52456668ECF0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{74A29759-5B8F-48B6-9FD6-B7FD604E423B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{83D8F5F8-117C-4BA5-AF1E-BD33A882807F}" = rport=445 | protocol=6 | dir=out | app=system |
"{A32F5447-1249-4056-9C9B-CD70F997B67D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7D63296-43FD-4FD6-BD05-F421060A28AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A99448C0-BEDC-4B92-99D1-1C4E1B6A3AB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{B119A833-AABE-4233-BCB1-0AAB054E2119}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B568B916-C85C-4C73-9550-7065BFE0B756}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C7BD4E12-2A1A-4722-91A1-4BE0748C6726}" = lport=139 | protocol=6 | dir=in | app=system |
"{CD3B0027-881D-4ED1-9277-14E72DCAC0C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDD07AF9-AEAB-452E-ABAD-B8A0918610A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{E061A532-4437-4176-B7B1-0595C7FA6FFB}" = rport=139 | protocol=6 | dir=out | app=system |
"{F225BF59-62D1-466D-AF92-85F7366BBCCC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FBB77855-5690-46C5-B89C-E0447A42DF01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A71C6D-F93F-4370-A083-2EAE74FFCFFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08742637-A916-4B58-B175-5CA74DEBF83F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{096CE7A7-F066-4E68-82C4-D04123A4C017}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1969C843-A81C-4BAA-972C-CCA86FF88714}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1B62DE93-257E-4BB1-86A7-2F8ADCD60765}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DABE410-7242-4CC2-B146-1E6E1BD2214A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23C619BE-4936-4355-8391-772C12608A89}" = protocol=58 | dir=in | [email protected],-28545 |
"{2BBA678B-65BF-4F11-A88C-B8C226EEDA95}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3336E14D-4DF8-4B08-A187-6F890CC21DF7}" = protocol=6 | dir=out | app=system |
"{3FE25298-A9BB-4D41-9380-15A0F09D1672}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53146722-495B-4D3C-B635-5C01BC69ADF9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{56179134-D371-4C10-94DA-870B9FA7B3BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5947DACB-38A5-4383-8DD2-F30D00DE79AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E0E0CDD-6B23-4088-9B91-3D19C47FBCC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E88EFBD-BE1F-4940-88FC-B163992F9E0A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{646E6529-9DDE-4382-9424-03B1344478D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64FE2DEC-4A6F-4455-A939-8A09996B40A2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{665870FD-358D-4D9E-BFB7-18D768711198}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8809E97B-F2F3-4A29-A6AB-34C3D4984117}" = protocol=58 | dir=out | [email protected],-28546 |
"{8C21F7CE-DCA2-494B-96AC-3FEB81DC59FB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8E1AB3AA-EBA1-480D-B24A-2CF79E3E5341}" = protocol=1 | dir=in | [email protected],-28543 |
"{91545B99-7BEA-4861-8407-87C7B154BCDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C18794B-EE26-4479-8135-0F00B6050970}" = dir=in | app=c:\users\hristo\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A7CE1984-AA3B-459C-AE33-F56A9E55A165}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A7CE7F3B-2324-4300-9679-39C3CEE8137A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A87E9C92-EB14-4FB4-A1EB-B2BBF5FF288B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B24B3AFE-1AF0-43E1-AA60-48111E8E9E4F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9C92643-A3B3-4212-AE13-FEDA461A58B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C224BDCE-91A2-4D84-9959-C812AD9DAA1E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6DF6C49-AB62-4D84-941E-A0197DA305A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D9815728-AC68-42B7-8BBD-97AF2D252D3B}" = protocol=1 | dir=out | [email protected],-28544 |
"{DDB35C21-FE53-4261-9C4F-79FC0FA3BE4D}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{0B078C5F-7908-427B-A11B-9FBFEE83676C}D:\games\cs\hl.exe" = protocol=6 | dir=in | app=d:\games\cs\hl.exe |
"TCP Query User{18083D1B-17CA-43B2-8672-6324F671353F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{23089037-A2FF-40A7-8679-FD49532F7A0D}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe |
"TCP Query User{232F9DDB-CA2D-4EBB-836E-53A717C50E6C}C:\program files\onone software\perfect layers\perfectlayers.exe" = protocol=6 | dir=in | app=c:\program files\onone software\perfect layers\perfectlayers.exe |
"TCP Query User{271C8B3E-9298-47F1-9097-C732B11F5FCE}D:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=d:\program files\bitcomet\bitcomet.exe |
"TCP Query User{33E9D662-8A93-4BC3-86AB-A0A466C79C00}C:\games\cs1.6v44\hl.exe" = protocol=6 | dir=in | app=c:\games\cs1.6v44\hl.exe |
"TCP Query User{394A6A3E-6575-4A72-9EAD-3537AC6697C2}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{3A1A936A-1298-4411-ABE6-B18EEAC89B5D}D:\games\live for speed s2\lfs.exe" = protocol=6 | dir=in | app=d:\games\live for speed s2\lfs.exe |
"TCP Query User{4CFDF91F-31A0-4D17-AD00-D7E5A95F2B39}C:\program files\onone software\dslr camera remote\dslrcameraremoteserver.exe" = protocol=6 | dir=in | app=c:\program files\onone software\dslr camera remote\dslrcameraremoteserver.exe |
"TCP Query User{75B82ADD-0BF1-4A67-BF25-894FEC1C159F}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe |
"TCP Query User{9B553257-7ED5-4E83-811E-65EA1DD7E8F6}D:\games\cs\hlds.exe" = protocol=6 | dir=in | app=d:\games\cs\hlds.exe |
"TCP Query User{ACEA81F2-3869-4D2A-AF37-E124EFC9FABA}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"TCP Query User{B195FC67-9A09-4327-98CB-9705BF3086F8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{BA8CB2A8-8332-4EEB-86E2-CE2BC0F40C7F}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{BBB5B8BF-40F6-41BC-83F3-BF0B1A4CC7E4}D:\games\cs\cstrike.exe" = protocol=6 | dir=in | app=d:\games\cs\cstrike.exe |
"TCP Query User{CC3EECAD-2B8E-4F16-9F2D-31BE4C5B8FA2}C:\games\cs1.6v44\hlds.exe" = protocol=6 | dir=in | app=c:\games\cs1.6v44\hlds.exe |
"TCP Query User{CE56AF41-E1EB-491F-826E-D57935ED7252}D:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=d:\program files\bitcomet\bitcomet.exe |
"TCP Query User{D89344BA-530E-4C60-9E72-D4866604436F}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"TCP Query User{F34E9947-D068-42FD-9FEE-356CB52BD253}D:\games\cs\cstrike.exe" = protocol=6 | dir=in | app=d:\games\cs\cstrike.exe |
"TCP Query User{FA4E84EE-EA1A-46FD-82C7-8D56B8A09945}D:\games\cs\hlds.exe" = protocol=6 | dir=in | app=d:\games\cs\hlds.exe |
"UDP Query User{119B77EE-2F43-4E41-A7C4-BAE9FF83A0C3}D:\games\cs\hlds.exe" = protocol=17 | dir=in | app=d:\games\cs\hlds.exe |
"UDP Query User{1425D6F8-7368-4A06-BA64-F52AB6038F5B}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{171E2856-DB71-4420-B038-4BDB84A18F13}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe |
"UDP Query User{2EC9948B-00F6-463D-91C4-E8840BCFF639}D:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=d:\program files\bitcomet\bitcomet.exe |
"UDP Query User{37DDF07F-AAF8-4D3A-90D9-3EEBB3E19D53}C:\games\cs1.6v44\hlds.exe" = protocol=17 | dir=in | app=c:\games\cs1.6v44\hlds.exe |
"UDP Query User{453DE5CF-C110-4A46-B706-EF78DD117A4F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5B900037-BAD3-4C19-8DD8-F2B1C2E6C8B3}C:\games\cs1.6v44\hl.exe" = protocol=17 | dir=in | app=c:\games\cs1.6v44\hl.exe |
"UDP Query User{685C28F8-BB43-4237-AE58-FF8B6E4BE1D2}D:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=d:\program files\bitcomet\bitcomet.exe |
"UDP Query User{7446016B-E496-402D-9D6D-6EB7C460CCF5}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{7E141E33-0FC4-46E5-AA55-3E7483C7DE74}C:\program files\onone software\dslr camera remote\dslrcameraremoteserver.exe" = protocol=17 | dir=in | app=c:\program files\onone software\dslr camera remote\dslrcameraremoteserver.exe |
"UDP Query User{925D83E9-10F5-41E9-88EE-AF20DE2452E9}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{9D240E9F-22AD-40D6-A7BC-CFEFBF581738}D:\games\live for speed s2\lfs.exe" = protocol=17 | dir=in | app=d:\games\live for speed s2\lfs.exe |
"UDP Query User{B0826C55-D9AA-466D-A765-F2B8B5DC86E0}C:\program files\onone software\perfect layers\perfectlayers.exe" = protocol=17 | dir=in | app=c:\program files\onone software\perfect layers\perfectlayers.exe |
"UDP Query User{C11C1B84-F05E-47B9-92FF-8F2431D170F0}D:\games\cs\cstrike.exe" = protocol=17 | dir=in | app=d:\games\cs\cstrike.exe |
"UDP Query User{C249DD75-A748-4DE8-8031-E216AC48D83D}D:\games\cs\cstrike.exe" = protocol=17 | dir=in | app=d:\games\cs\cstrike.exe |
"UDP Query User{C7F203C9-E48F-4797-A7B3-32A3F6EF8BB9}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{D2B712CB-29CC-488E-9C41-BB417E107B51}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E7298FAE-60C2-4921-A87F-C4B9E9C065F7}D:\games\cs\hlds.exe" = protocol=17 | dir=in | app=d:\games\cs\hlds.exe |
"UDP Query User{EC544FD2-C199-4DA9-976B-A0FCDB870896}D:\games\cs\hl.exe" = protocol=17 | dir=in | app=d:\games\cs\hl.exe |
"UDP Query User{FD653A65-4D08-4F8E-ABB9-45D8DF559A8B}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12DC97BF-4D60-4C97-9A10-762F8D710695}" = PhotoTune 3.0.7
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{46C5F1B3-4E49-46F4-8D45-19B04F4396ED}" = ESET NOD32 Antivirus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8C1D4735-84E4-41E2-A1DB-70EADE27633C}" = Adobe Photoshop Lightroom 3.3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"BSPlayerf" = BS.Player FREE
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskCleaner" = Disk Cleaner (remove only)
"GoldWave v4.26" = GoldWave v4.26
"Image: Fix and Enhance_is1" = Image: Fix and Enhance
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Live for Speed S2" = Live for Speed S2 0.5Q
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox 13.0.1 (x86 bg)" = Mozilla Firefox 13.0.1 (x86 bg)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.2
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"uTorrent" = µTorrent
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinRAR archiver" = WinRAR 4.00 Бета 7 (32-битова версия)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17.7.2012 г. 11:23:35 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1159509

Error - 17.7.2012 г. 11:23:36 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.7.2012 г. 11:23:36 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1160523

Error - 17.7.2012 г. 11:23:36 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1160523

Error - 17.7.2012 г. 11:23:37 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.7.2012 г. 11:23:37 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1161521

Error - 17.7.2012 г. 11:23:37 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1161521

Error - 17.7.2012 г. 11:23:38 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.7.2012 г. 11:23:38 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1162520

Error - 17.7.2012 г. 11:23:38 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1162520

Error - 17.7.2012 г. 11:23:39 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17.7.2012 г. 11:23:39 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1163534

Error - 17.7.2012 г. 11:23:39 | Computer Name = sa6370 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1163534

[ System Events ]
Error - 17.7.2012 г. 15:30:25 | Computer Name = sa6370 | Source = Service Control Manager | ID = 7000
Description =

Error - 17.7.2012 г. 15:30:25 | Computer Name = sa6370 | Source = Service Control Manager | ID = 7026
Description =

Error - 17.7.2012 г. 15:31:41 | Computer Name = sa6370 | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 17.7.2012 г. 15:31:41 | Computer Name = sa6370 | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 17.7.2012 г. 15:48:21 | Computer Name = sa6370 | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 17.7.2012 г. 15:50:11 | Computer Name = sa6370 | Source = Service Control Manager | ID = 7000
Description =

Error - 17.7.2012 г. 15:50:11 | Computer Name = sa6370 | Source = Service Control Manager | ID = 7000
Description =

Error - 17.7.2012 г. 15:50:11 | Computer Name = sa6370 | Source = Service Control Manager | ID = 7026
Description =

Error - 17.7.2012 г. 15:51:20 | Computer Name = sa6370 | Source = WMPNetworkSvc | ID = 866312
Description =

Error - 17.7.2012 г. 15:51:21 | Computer Name = sa6370 | Source = WMPNetworkSvc | ID = 866312
Description =


< End of report >

#5 sa6370 (Topic Starter, Member, 18 posts)
I'm starting aswMBR but there is no result, nothing happens, the computer doesn't open the program.

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's check it out next.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.90.223.31:8088
    O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [JDKAIWSysNyuNTd.exe] C:\ProgramData\JDKAIWSysNyuNTd.exe File not found
    O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [QW6lqgoEcI76Mv] C:\ProgramData\QW6lqgoEcI76Mv.exe File not found
    [2012.07.17 14:16:51 | 000,000,000 | ---D | C] -- C:\Users\Hristo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
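The fix script in the post above targets a small set of OTL log indicators: a per-user IE proxy pointing at an external address (78.90.223.31:8088), two Run-key entries whose randomly named payloads under C:\ProgramData are already gone, and a rogue "File Recovery" Start Menu folder. The same triage can be done mechanically over an OTL log before writing a fix. The following is an added example, not code from this thread or from the OTL tool: a Python pass over OTL-format lines that flags a proxy set to a public IP, O4 Run entries that are orphaned or that load a random-looking name dropped directly into ProgramData/AppData, and O33 removable-media AutoRun commands of the kind that appear later in this thread. The sample lines are constructed from entries quoted in the thread (the SID and paths are as they appear there); the heuristics themselves (public-address proxy, orphaned loader, case-switch count for "random-looking" names, the list of drop directories) are this example's own assumptions, not rules OTL applies.

```python
"""Triage OTL log lines for proxy hijack, orphaned/dropped Run entries and AutoRun.

Added example, not part of the original thread or of the OTL tool.  The
SAMPLE_LOG entries are constructed from lines quoted in this thread; the
detection heuristics below are this example's own assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# IE - HKU\<sid>\...\Internet Settings: "ProxyServer" = 78.90.223.31:8088
PROXY_RE = re.compile(r'"ProxyServer" = (?P<host>[^:\s]+):(?P<port>\d+)\s*$')
# O4 - HKLM..\Run: [Name] C:\path\file.exe (Company)   or   ... File not found
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = E:\autorun.exe
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# Assumed drop directories: payload sits directly here, not in a vendor subfolder
DROP_DIR_RE = re.compile(r'^(c:\\programdata|c:\\users\\[^\\]+\\appdata\\(local|roaming)(\\temp)?)$', re.I)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def is_public_address(host: str) -> bool:
    """True for a routable (non-private, non-loopback, non-link-local) IP literal."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostname rather than an IP literal: left to the analyst
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def looks_random(name: str) -> bool:
    """Heuristic: alphanumeric token of 10+ chars with at least 4 upper/lower switches."""
    if not re.fullmatch(r'[A-Za-z0-9]{10,}', name):
        return False
    letters = [c for c in name if c.isalpha()]
    switches = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    return switches >= 4


def split_run_target(rest: str) -> tuple[str, bool]:
    """Return (unquoted path, missing) from the text after the [Name] of an O4 line."""
    marker = 'File not found'
    missing = rest.endswith(marker)
    if missing:
        target = rest[:-len(marker)].strip()
    else:
        target = re.sub(r'\s*\([^()]*\)\s*$', '', rest)  # drop trailing "(Company)"
    return target.strip('"'), missing


def check_line(line: str) -> list[Finding]:
    findings: list[Finding] = []
    m = PROXY_RE.search(line)
    if m and is_public_address(m.group('host')):
        findings.append(Finding(line, f"user proxy points at public address {m.group('host')}:{m.group('port')}"))
    m = RUN_RE.match(line)
    if m:
        target, missing = split_run_target(m.group('rest'))
        directory, _, filename = target.rpartition('\\')
        stem = filename.rsplit('.', 1)[0]
        if missing:
            findings.append(Finding(line, f"Run entry '{m.group('name')}' points at a missing file (orphaned loader)"))
        if DROP_DIR_RE.match(directory) and looks_random(stem):
            findings.append(Finding(line, f"random-looking payload name directly in {directory}"))
    m = AUTORUN_RE.match(line)
    if m:
        findings.append(Finding(line, f"removable-media AutoRun command: {m.group('cmd')}"))
    return findings


def triage(lines) -> list[Finding]:
    return [f for line in lines for f in check_line(line.rstrip('\n'))]


# Constructed sample, modelled on lines quoted in this thread.
SAMPLE_LOG = [
    r'IE - HKU\S-1-5-21-3667473730-442675740-1800506625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.90.223.31:8088',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local',
    r'O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)',
    r'O4 - HKLM..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" File not found',
    r'O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [JDKAIWSysNyuNTd.exe] C:\ProgramData\JDKAIWSysNyuNTd.exe File not found',
    r'O4 - HKU\S-1-5-21-3667473730-442675740-1800506625-1000..\Run: [QW6lqgoEcI76Mv] C:\ProgramData\QW6lqgoEcI76Mv.exe File not found',
    r'O4 - HKCU..\Run: [Facebook Update] C:\Users\Hristo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)',
    r'O33 - MountPoints2\{35763b20-a3fe-11e0-b451-001bfc13e40f}\Shell\AutoRun\command - "" = E:\autorun.exe',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Orphaned Run entries (the "File not found" ones) are the usual leftover after an antivirus deletes a dropper but not its registry loader; they are harmless on their own but are exactly what the fix above removes so the log comes back clean. The public-proxy check is the most important of the three: with ProxyServer set to an attacker-controlled address every HTTP request from IE leaves the machine through that host, which is why the fix deletes the value and the follow-up log shows ProxyEnable = 0.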

#7 sa6370 (Topic Starter, Member, 18 posts)
OTL.exe (now I'm starting the other program)

OTL logfile created on: 18.7.2012 г. 00:00:51 - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Hristo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy 'г.'

2,97 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 68,57% Memory free
6,14 Gb Paging File | 5,28 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 2,03 Gb Free Space | 3,47% Space Free | Partition Type: NTFS
Drive D: | 174,29 Gb Total Space | 37,29 Gb Free Space | 21,40% Space Free | Partition Type: NTFS

Computer Name: SA6370 | User Name: Hristo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.17 23:24:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hristo\Desktop\OTL.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.17 10:45:20 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009.10.26 16:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.04.11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.07 19:31:46 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.02.15 12:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.10 19:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2006.11.02 10:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 13:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 10:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.02.20 15:20:15 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.10.20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2012.07.12 17:54:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.18 13:45:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.17 10:45:20 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2008.01.21 05:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.10 19:31:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mdmuwm.sys -- (MdmUWm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys -- (lvupdtio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GdmFilt.sys -- (GdmFilt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\ArcSec.sys -- (ArcSec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hristo\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2012.03.14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012.03.14 08:40:02 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2012.02.23 22:55:03 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2011.07.27 21:15:18 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.18 14:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.11.22 07:36:50 | 001,085,280 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010.02.05 06:16:10 | 000,028,048 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.10.26 17:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.05 16:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.08.09 20:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.01.19 18:19:12 | 001,324,544 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2007.01.19 09:19:00 | 004,453,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.01.16 04:35:18 | 001,032,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2006.12.14 10:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.14 19:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 14:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.08.30 04:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 A9 86 42 C0 82 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hristo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 10:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012.07.17 19:11:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:46:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 10:44:07 | 000,000,000 | ---D | M]

[2011.12.16 12:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hristo\AppData\Roaming\mozilla\Extensions
[2012.07.13 12:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hristo\AppData\Roaming\mozilla\Firefox\Profiles\6342o989.default\extensions
[2011.04.22 23:25:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hristo\AppData\Roaming\mozilla\Firefox\Profiles\6342o989.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.15 22:06:04 | 000,002,497 | ---- | M] () -- C:\Users\Hristo\AppData\Roaming\Mozilla\Firefox\Profiles\6342o989.default\searchplugins\SearchResults.xml
[2012.06.14 11:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.18 13:46:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.08 13:46:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 13:45:55 | 000,001,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\911bg.xml
[2012.06.18 13:45:55 | 000,002,442 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\diribg.xml
[2012.06.18 13:45:55 | 000,001,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pe-bg.xml
[2012.06.18 13:45:55 | 000,001,857 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\portalbgdict.xml
[2011.12.15 22:06:04 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.06.18 13:45:55 | 000,001,220 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bg.xml

O1 HOSTS File: ([2012.07.17 23:54:59 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Hristo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00B54056-5327-46A9-A6ED-3E259FB9C2E0}: DhcpNameServer = 10.250.238.3 10.250.238.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E213194-BB30-4E0E-BB8C-DAEAD29EDC51}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1233FB-4667-4026-9322-62B76DCE6D6A}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hristo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hristo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35763b20-a3fe-11e0-b451-001bfc13e40f}\Shell - "" = AutoRun
O33 - MountPoints2\{35763b20-a3fe-11e0-b451-001bfc13e40f}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{f84e14ef-c5aa-11e1-9728-001bfc13e40f}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{f84e14ef-c5aa-11e1-9728-001bfc13e40f}\Shell\WiMAX\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 23:54:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.17 23:24:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hristo\Desktop\OTL.exe
[2012.07.17 22:07:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.07.17 21:59:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2012.07.17 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\Hristo\Desktop\New Folder
[2012.07.17 19:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012.07.17 19:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.12 13:15:32 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 13:12:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 13:12:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 13:11:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 13:11:58 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 13:11:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 13:11:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 13:11:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:06:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.04 10:53:53 | 000,000,000 | ---D | C] -- C:\Users\Hristo\AppData\Roaming\MODACOM
[2012.06.23 21:57:41 | 000,000,000 | ---D | C] -- C:\Users\Hristo\Desktop\drehi
[2012.06.22 15:41:48 | 000,000,000 | -H-D | C] -- C:\Users\Hristo\AppData\Local\Macromedia
[2012.06.19 11:10:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.19 11:10:33 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.19 11:09:47 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.19 11:09:47 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.19 11:09:47 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.19 11:09:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.19 11:09:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.18 14:33:51 | 000,000,000 | -H-D | C] -- C:\Users\Hristo\AppData\Local\CRE
[2012.06.18 14:33:25 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.06.18 14:32:27 | 000,000,000 | ---D | C] -- C:\Users\Hristo\AppData\Roaming\uTorrent

========== Files - Modified Within 30 Days ==========

[2012.07.17 23:58:04 | 000,013,072 | ---- | M] () -- C:\Users\Hristo\AppData\Roaming\nvModes.001
[2012.07.17 23:57:34 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2012.07.17 23:57:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 23:57:25 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 23:57:25 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 23:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 23:57:13 | 3186,876,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 23:55:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.17 23:54:59 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.07.17 23:54:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 23:51:02 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000UA.job
[2012.07.17 23:51:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000Core.job
[2012.07.17 23:31:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 23:24:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hristo\Desktop\OTL.exe
[2012.07.17 22:49:12 | 000,013,072 | ---- | M] () -- C:\Users\Hristo\AppData\Roaming\nvModes.dat
[2012.07.17 21:25:14 | 368,868,488 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.17 19:23:45 | 000,160,298 | ---- | M] () -- C:\Users\Hristo\Desktop\629443041_nL7c3-XL copy.jpg
[2012.07.17 19:14:28 | 000,186,880 | -H-- | M] () -- C:\Users\Hristo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.17 18:53:53 | 000,009,203 | -HS- | M] () -- C:\Users\Hristo\Desktop\Folder.jpg
[2012.07.17 18:53:53 | 000,002,382 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArtSmall.jpg
[2012.07.17 18:14:29 | 000,008,591 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Large.jpg
[2012.07.17 18:14:29 | 000,002,412 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Small.jpg
[2012.07.17 14:24:17 | 000,001,356 | ---- | M] () -- C:\Users\Hristo\AppData\Local\d3d9caps.dat
[2012.07.13 12:09:53 | 001,710,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 17:54:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 17:54:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.04 15:26:44 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 15:26:44 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.01 13:04:53 | 000,008,370 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Large.jpg
[2012.07.01 13:04:53 | 000,002,262 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Small.jpg
[2012.07.01 13:04:28 | 000,012,522 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Large.jpg
[2012.07.01 13:04:28 | 000,002,903 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Small.jpg
[2012.07.01 13:01:40 | 000,008,015 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Large.jpg
[2012.07.01 13:01:21 | 000,002,342 | -HS- | M] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Small.jpg

========== Files Created - No Company Name ==========

[2012.07.17 23:06:52 | 000,164,570 | ---- | C] () -- C:\Users\Hristo\Desktop\m3 wide.jpg
[2012.07.17 23:06:52 | 000,071,247 | ---- | C] () -- C:\Users\Hristo\Desktop\introduction.jpg
[2012.07.17 21:54:50 | 3186,876,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.17 21:25:14 | 368,868,488 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.17 18:03:34 | 000,008,591 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Large.jpg
[2012.07.17 18:03:34 | 000,002,412 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{52DBFBAF-5FBF-4147-8261-5D414BA93077}_Small.jpg
[2012.07.17 17:28:24 | 000,001,974 | ---- | C] () -- C:\Users\Hristo\Desktop\Lightroom.lnk
[2012.07.01 13:04:53 | 000,008,370 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Large.jpg
[2012.07.01 13:04:53 | 000,002,262 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{3AF1FFF9-359D-492B-868B-223EADA566ED}_Small.jpg
[2012.07.01 13:04:28 | 000,012,522 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Large.jpg
[2012.07.01 13:04:28 | 000,002,903 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{04CF88A7-A66E-4252-B50F-4B3A7248EC6E}_Small.jpg
[2012.07.01 13:02:16 | 000,008,015 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Large.jpg
[2012.07.01 13:02:16 | 000,002,342 | -HS- | C] () -- C:\Users\Hristo\Desktop\AlbumArt_{64D6AE71-708B-48E5-87FB-DEFC1F7D793E}_Small.jpg
[2012.06.24 01:01:48 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000UA.job
[2012.06.24 01:01:48 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3667473730-442675740-1800506625-1000Core.job
[2012.02.23 22:55:12 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.02.23 22:55:03 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011.07.27 21:17:39 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2011.07.27 21:16:46 | 000,000,021 | ---- | C] () -- C:\Windows\etkinst.ini
[2011.04.15 18:08:23 | 000,462,848 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.04.15 18:02:54 | 000,006,592 | ---- | C] () -- C:\Windows\gwpreset.ini
[2011.04.15 18:02:54 | 000,000,978 | ---- | C] () -- C:\Windows\goldwave.ini
[2011.02.20 21:44:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.02.20 21:31:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.02.20 21:31:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.20 21:31:24 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.20 21:31:23 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.20 21:31:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.20 21:05:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 20:40:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.20 20:20:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.02.20 16:13:12 | 000,186,880 | -H-- | C] () -- C:\Users\Hristo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.04 18:06:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.04 18:03:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.02.04 16:48:54 | 000,013,072 | ---- | C] () -- C:\Users\Hristo\AppData\Roaming\nvModes.001
[2011.02.04 16:48:51 | 000,013,072 | ---- | C] () -- C:\Users\Hristo\AppData\Roaming\nvModes.dat
[2011.02.04 14:58:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.04 10:46:58 | 000,061,440 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011.02.04 10:28:10 | 000,001,356 | ---- | C] () -- C:\Users\Hristo\AppData\Local\d3d9caps.dat

< End of report >

#8
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
RKreport[1]

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Hristo [Admin rights]
Mode: Scan -- Date: 07/18/2012 00:13:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD25 00BPVT-22ZES SCSI Disk Device +++++
--- User ---
[MBR] 949f1e1c5ba770e858f8e8df1ac48007
[BSP] 50cb1ab1b253568f76a17bc724a76839 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 60000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 122882048 | Size: 178473 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#9
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
RKreport[2]

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Hristo [Admin rights]
Mode: Remove -- Date: 07/18/2012 00:16:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD25 00BPVT-22ZES SCSI Disk Device +++++
--- User ---
[MBR] 949f1e1c5ba770e858f8e8df1ac48007
[BSP] 50cb1ab1b253568f76a17bc724a76839 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 60000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 122882048 | Size: 178473 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#10
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
NOD32 still finds it in my operating memory (RAM).
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have the TDSSKiller log?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#12
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
I didn't use "aswMBR". Maybe this is the problem? But the computer doesn't open it.

#13
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
I can make TDSSKiller log now.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you run that before ComboFix please; do not delete or cure anything.

#15
sa6370

    Member

  • Topic Starter
  • Member
  • 18 posts
I skipped the threat; the report is:

00:46:14.0677 3228 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
00:46:15.0098 3228 ============================================================
00:46:15.0098 3228 Current date / time: 2012/07/18 00:46:15.0098
00:46:15.0098 3228 SystemInfo:
00:46:15.0098 3228
00:46:15.0098 3228 OS Version: 6.0.6002 ServicePack: 2.0
00:46:15.0098 3228 Product type: Workstation
00:46:15.0098 3228 ComputerName: SA6370
00:46:15.0099 3228 UserName: Hristo
00:46:15.0099 3228 Windows directory: C:\Windows
00:46:15.0099 3228 System windows directory: C:\Windows
00:46:15.0099 3228 Processor architecture: Intel x86
00:46:15.0099 3228 Number of processors: 2
00:46:15.0099 3228 Page size: 0x1000
00:46:15.0099 3228 Boot type: Normal boot
00:46:15.0099 3228 ============================================================
00:46:15.0409 3228 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:46:15.0411 3228 ============================================================
00:46:15.0411 3228 \Device\Harddisk0\DR0:
00:46:15.0412 3228 MBR partitions:
00:46:15.0412 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7530000
00:46:15.0412 3228 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7530800, BlocksNum 0x15C94800
00:46:15.0412 3228 ============================================================
00:46:15.0447 3228 C: <-> \Device\Harddisk0\DR0\Partition0
00:46:15.0496 3228 D: <-> \Device\Harddisk0\DR0\Partition1
00:46:15.0497 3228 ============================================================
00:46:15.0497 3228 Initialize success
00:46:15.0497 3228 ============================================================
00:46:19.0850 5652 ============================================================
00:46:19.0850 5652 Scan started
00:46:19.0850 5652 Mode: Manual; SigCheck; TDLFS;
00:46:19.0850 5652 ============================================================
00:46:20.0570 5652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:46:20.0743 5652 ACPI - ok
00:46:20.0875 5652 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:46:20.0889 5652 AdobeARMservice - ok
00:46:20.0974 5652 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:46:20.0991 5652 AdobeFlashPlayerUpdateSvc - ok
00:46:21.0089 5652 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:46:21.0116 5652 adp94xx - ok
00:46:21.0192 5652 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:46:21.0213 5652 adpahci - ok
00:46:21.0270 5652 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:46:21.0287 5652 adpu160m - ok
00:46:21.0345 5652 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:46:21.0362 5652 adpu320 - ok
00:46:21.0496 5652 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:46:21.0521 5652 AeLookupSvc - ok
00:46:21.0595 5652 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:46:21.0627 5652 AFD - ok
00:46:21.0679 5652 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:46:21.0694 5652 agp440 - ok
00:46:21.0741 5652 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:46:21.0756 5652 aic78xx - ok
00:46:21.0810 5652 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:46:21.0840 5652 ALG - ok
00:46:21.0858 5652 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:46:21.0872 5652 aliide - ok
00:46:22.0135 5652 ALSysIO - ok
00:46:22.0188 5652 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:46:22.0204 5652 amdagp - ok
00:46:22.0246 5652 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:46:22.0261 5652 amdide - ok
00:46:22.0298 5652 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:46:22.0330 5652 AmdK7 - ok
00:46:22.0340 5652 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
00:46:22.0373 5652 AmdK8 - ok
00:46:22.0397 5652 anodlwf (48e008cf2edcf8fc91a9d3507865a51d) C:\Windows\system32\DRIVERS\anodlwf.sys
00:46:22.0415 5652 anodlwf - ok
00:46:22.0466 5652 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
00:46:22.0485 5652 ApfiltrService - ok
00:46:22.0495 5652 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:46:22.0512 5652 Appinfo - ok
00:46:22.0664 5652 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:46:22.0677 5652 Apple Mobile Device - ok
00:46:22.0744 5652 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:46:22.0759 5652 arc - ok
00:46:22.0890 5652 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:46:22.0910 5652 arcsas - ok
00:46:22.0915 5652 ArcSec - ok
00:46:22.0995 5652 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:46:23.0034 5652 AsyncMac - ok
00:46:23.0096 5652 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:46:23.0112 5652 atapi - ok
00:46:23.0239 5652 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
00:46:23.0280 5652 athr - ok
00:46:23.0408 5652 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:46:23.0438 5652 AudioEndpointBuilder - ok
00:46:23.0445 5652 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:46:23.0475 5652 Audiosrv - ok
00:46:23.0526 5652 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:46:23.0557 5652 Beep - ok
00:46:23.0614 5652 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
00:46:23.0646 5652 BFE - ok
00:46:23.0774 5652 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
00:46:23.0816 5652 BITS - ok
00:46:23.0837 5652 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:46:23.0868 5652 blbdrive - ok
00:46:23.0943 5652 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:46:23.0965 5652 Bonjour Service - ok
00:46:24.0048 5652 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:46:24.0064 5652 bowser - ok
00:46:24.0081 5652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:46:24.0105 5652 BrFiltLo - ok
00:46:24.0136 5652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:46:24.0163 5652 BrFiltUp - ok
00:46:24.0212 5652 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:46:24.0249 5652 Browser - ok
00:46:24.0276 5652 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:46:24.0338 5652 Brserid - ok
00:46:24.0358 5652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:46:24.0415 5652 BrSerWdm - ok
00:46:24.0437 5652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:46:24.0493 5652 BrUsbMdm - ok
00:46:24.0499 5652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:46:24.0553 5652 BrUsbSer - ok
00:46:24.0588 5652 BthAvrcp (3472331b9d460212965b51a8d38e8bec) C:\Windows\system32\DRIVERS\BthAvrcp.sys
00:46:24.0600 5652 BthAvrcp - ok
00:46:24.0641 5652 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
00:46:24.0656 5652 BthEnum - ok
00:46:24.0706 5652 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
00:46:24.0730 5652 BTHMODEM - ok
00:46:24.0791 5652 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
00:46:24.0822 5652 BthPan - ok
00:46:24.0906 5652 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
00:46:24.0938 5652 BTHPORT - ok
00:46:25.0010 5652 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
00:46:25.0026 5652 BthServ - ok
00:46:25.0061 5652 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
00:46:25.0076 5652 BTHUSB - ok
00:46:25.0089 5652 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:46:25.0122 5652 cdfs - ok
00:46:25.0160 5652 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:46:25.0189 5652 cdrom - ok
00:46:25.0219 5652 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:46:25.0244 5652 CertPropSvc - ok
00:46:25.0293 5652 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:46:25.0326 5652 circlass - ok
00:46:25.0383 5652 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:46:25.0403 5652 CLFS - ok
00:46:25.0541 5652 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:46:25.0555 5652 clr_optimization_v2.0.50727_32 - ok
00:46:25.0653 5652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:46:25.0669 5652 clr_optimization_v4.0.30319_32 - ok
00:46:25.0710 5652 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:46:25.0741 5652 CmBatt - ok
00:46:25.0796 5652 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:46:25.0810 5652 cmdide - ok
00:46:25.0818 5652 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:46:25.0833 5652 Compbatt - ok
00:46:25.0838 5652 COMSysApp - ok
00:46:25.0851 5652 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:46:25.0866 5652 crcdisk - ok
00:46:25.0907 5652 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:46:25.0939 5652 Crusoe - ok
00:46:25.0996 5652 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
00:46:26.0019 5652 CryptSvc - ok
00:46:26.0124 5652 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:46:26.0166 5652 DcomLaunch - ok
00:46:26.0237 5652 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:46:26.0276 5652 DfsC - ok
00:46:26.0440 5652 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
00:46:26.0589 5652 DFSR - ok
00:46:26.0725 5652 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
00:46:26.0753 5652 Dhcp - ok
00:46:26.0899 5652 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:46:26.0915 5652 disk - ok
00:46:26.0984 5652 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
00:46:27.0000 5652 Dnscache - ok
00:46:27.0049 5652 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
00:46:27.0076 5652 dot3svc - ok
00:46:52.0667 5652 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:46:52.0691 5652 USBSTOR - ok
00:46:52.0717 5652 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:46:52.0741 5652 usbuhci - ok
00:46:52.0775 5652 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
00:46:52.0801 5652 UxSms - ok
00:46:52.0846 5652 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
00:46:52.0880 5652 vds - ok
00:46:52.0896 5652 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:46:52.0928 5652 vga - ok
00:46:52.0934 5652 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:46:52.0966 5652 VgaSave - ok
00:46:53.0000 5652 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:46:53.0016 5652 viaagp - ok
00:46:53.0032 5652 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:46:53.0063 5652 ViaC7 - ok
00:46:53.0081 5652 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:46:53.0096 5652 viaide - ok
00:46:53.0122 5652 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:46:53.0137 5652 volmgr - ok
00:46:53.0197 5652 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:46:53.0218 5652 volmgrx - ok
00:46:53.0245 5652 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:46:53.0265 5652 volsnap - ok
00:46:53.0290 5652 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:46:53.0307 5652 vsmraid - ok
00:46:53.0405 5652 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
00:46:53.0483 5652 VSS - ok
00:46:53.0569 5652 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
00:46:53.0602 5652 W32Time - ok
00:46:53.0671 5652 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:46:53.0728 5652 WacomPen - ok
00:46:53.0751 5652 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:46:53.0775 5652 Wanarp - ok
00:46:53.0780 5652 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:46:53.0804 5652 Wanarpv6 - ok
00:46:53.0846 5652 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
00:46:53.0873 5652 wcncsvc - ok
00:46:53.0934 5652 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
00:46:53.0960 5652 WcsPlugInService - ok
00:46:53.0979 5652 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:46:53.0994 5652 Wd - ok
00:46:54.0078 5652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:46:54.0115 5652 Wdf01000 - ok
00:46:54.0161 5652 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:46:54.0207 5652 WdiServiceHost - ok
00:46:54.0229 5652 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:46:54.0280 5652 WdiSystemHost - ok
00:46:54.0340 5652 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
00:46:54.0372 5652 WebClient - ok
00:46:54.0409 5652 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
00:46:54.0428 5652 Wecsvc - ok
00:46:54.0445 5652 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
00:46:54.0472 5652 wercplsupport - ok
00:46:54.0577 5652 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
00:46:54.0617 5652 WerSvc - ok
00:46:54.0726 5652 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
00:46:54.0751 5652 WinDefend - ok
00:46:54.0764 5652 WinHttpAutoProxySvc - ok
00:46:54.0835 5652 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
00:46:54.0873 5652 Winmgmt - ok
00:46:54.0998 5652 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
00:46:55.0043 5652 WinRM - ok
00:46:55.0138 5652 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
00:46:55.0166 5652 Wlansvc - ok
00:46:55.0200 5652 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:46:55.0224 5652 WmiAcpi - ok
00:46:55.0258 5652 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
00:46:55.0287 5652 wmiApSrv - ok
00:46:55.0375 5652 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:46:55.0418 5652 WMPNetworkSvc - ok
00:46:55.0486 5652 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
00:46:55.0515 5652 WPCSvc - ok
00:46:55.0563 5652 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
00:46:55.0593 5652 WPDBusEnum - ok
00:46:55.0650 5652 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:46:55.0668 5652 WpdUsb - ok
00:46:56.0016 5652 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:46:56.0087 5652 WPFFontCache_v0400 - ok
00:46:56.0221 5652 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:46:56.0253 5652 ws2ifsl - ok
00:46:56.0279 5652 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
00:46:56.0299 5652 wscsvc - ok
00:46:56.0304 5652 WSearch - ok
00:46:56.0574 5652 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
00:46:56.0648 5652 wuauserv - ok
00:46:56.0814 5652 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:46:56.0852 5652 WUDFRd - ok
00:46:56.0894 5652 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
00:46:56.0930 5652 wudfsvc - ok
00:46:57.0053 5652 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
00:46:57.0075 5652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:46:57.0116 5652 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
00:46:57.0116 5652 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
00:46:57.0389 5652 Boot (0x1200) (639e4a7da814909876ff1a4b78bdb2b2) \Device\Harddisk0\DR0\Partition0
00:46:57.0401 5652 \Device\Harddisk0\DR0\Partition0 - ok
00:46:57.0444 5652 Boot (0x1200) (95f4c396111d6657ab60e815a3b70228) \Device\Harddisk0\DR0\Partition1
00:46:57.0474 5652 \Device\Harddisk0\DR0\Partition1 - ok
00:46:57.0475 5652 ============================================================
00:46:57.0475 5652 Scan finished
00:46:57.0475 5652 ============================================================
00:46:57.0499 3496 Detected object count: 1
00:46:57.0499 3496 Actual detected object count: 1
00:47:04.0307 3496 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
00:47:04.0307 3496 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
  • 0





