King-Nothing Posted 5 May 2012 (edited)
I am fairly careful about where I go on the big internet, but somehow managed to get a virus/malware the other day. What happened was that all the icons on the desktop disappeared, along with all the contents of the start menu and the background image. At the same time, a diagnostic program for the hard disk started up, telling me that the hard disk was about to give out and that I had to buy a licence for 500 NOK to fix this. This looked quite credible, and together with the 50-ish error messages that popped up, it is easy to fall for. This virus is called Data Recovery Software, and the software that starts is of course just a bluff. I searched a fair bit online, have followed a couple of guides to get rid of it, and think I have now removed it, but the PC is noticeably slower than before this happened. Before I got it removed, the diagnosis started up every time the machine was restarted, but now the PC seems normal again. I have cleaned with AntiMalware and Spyware Doctor, and neither of them finds anything wrong now.
I have also run HijackThis and attach the log here:
Edited 5 May 2012 by King-Nothing
Dr.Geek Posted 5 May 2012 (edited)
Hi, post the log of a full scan from these programs: http://support.kaspe.../?qid=208283363 (post the log, do not remove anything yet). After that: https://www.diskusjon.no/index.php?showtopic=691246 ! Combofix (disable all antivirus guards before you run Combofix, and close all programs). Post the log. This should fix the start menu: http://www.bleepingc...ti-virus/unhide http://www.bleepingc...opic405109.html
Edited 5 May 2012 by TheGenius
King-Nothing (author) Posted 5 May 2012 (edited)
Running TDSSKiller now, but I think you have linked to the wrong thread. The start menu is fine now and all the icons are back, so everything seems normal, but the PC is considerably slower than before this crap arrived. TDSSKiller log:
ok 11:47:54.0490 4444 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 11:47:54.0491 4444 lltdio - ok 11:47:54.0511 4444 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 11:47:54.0527 4444 lltdsvc - ok 11:47:54.0537 4444 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 11:47:54.0538 4444 lmhosts - ok 11:47:54.0577 4444 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 11:47:54.0581 4444 LSI_FC - ok 11:47:54.0593 4444 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 11:47:54.0596 4444 LSI_SAS - ok 11:47:54.0606 4444 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:47:54.0609 4444 LSI_SAS2 - ok 11:47:54.0625 4444 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:47:54.0629 4444 LSI_SCSI - ok 11:47:54.0646 4444 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 11:47:54.0648 4444 luafv - ok 11:47:54.0660 4444 MBAMProtector - ok 11:47:54.0759 4444 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 11:47:54.0787 4444 MBAMService - ok 11:47:54.0827 4444 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 11:47:54.0831 4444 Mcx2Svc - ok 11:47:54.0842 4444 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 11:47:54.0844 4444 megasas - ok 11:47:55.0055 4444 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 11:47:55.0071 4444 MegaSR - ok 11:47:55.0144 4444 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 11:47:55.0147 4444 Microsoft Office Groove Audit Service - ok 11:47:55.0175 4444 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:47:55.0177 4444 MMCSS - ok 
11:47:55.0186 4444 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 11:47:55.0187 4444 Modem - ok 11:47:55.0213 4444 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 11:47:55.0214 4444 monitor - ok 11:47:55.0263 4444 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 11:47:55.0265 4444 mouclass - ok 11:47:55.0294 4444 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 11:47:55.0295 4444 mouhid - ok 11:47:55.0338 4444 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 11:47:55.0340 4444 mountmgr - ok 11:47:55.0361 4444 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 11:47:55.0365 4444 mpio - ok 11:47:55.0380 4444 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 11:47:55.0381 4444 mpsdrv - ok 11:47:55.0448 4444 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 11:47:55.0476 4444 MpsSvc - ok 11:47:55.0491 4444 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 11:47:55.0495 4444 MRxDAV - ok 11:47:55.0524 4444 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:47:55.0526 4444 mrxsmb - ok 11:47:55.0551 4444 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:47:55.0554 4444 mrxsmb10 - ok 11:47:55.0573 4444 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:47:55.0574 4444 mrxsmb20 - ok 11:47:55.0585 4444 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 11:47:55.0586 4444 msahci - ok 11:47:55.0601 4444 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 11:47:55.0606 4444 msdsm - ok 11:47:55.0634 4444 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 11:47:55.0638 4444 MSDTC - ok 11:47:55.0665 4444 Msfs 
(aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 11:47:55.0666 4444 Msfs - ok 11:47:55.0680 4444 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 11:47:55.0684 4444 mshidkmdf - ok 11:47:55.0694 4444 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 11:47:55.0695 4444 msisadrv - ok 11:47:55.0720 4444 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 11:47:55.0726 4444 MSiSCSI - ok 11:47:55.0731 4444 msiserver - ok 11:47:55.0755 4444 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 11:47:55.0758 4444 MSKSSRV - ok 11:47:55.0774 4444 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 11:47:55.0776 4444 MSPCLOCK - ok 11:47:55.0785 4444 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 11:47:55.0787 4444 MSPQM - ok 11:47:55.0829 4444 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 11:47:55.0833 4444 MsRPC - ok 11:47:55.0848 4444 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 11:47:55.0848 4444 mssmbios - ok 11:47:55.0864 4444 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 11:47:55.0867 4444 MSTEE - ok 11:47:55.0875 4444 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 11:47:55.0877 4444 MTConfig - ok 11:47:55.0892 4444 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 11:47:55.0894 4444 Mup - ok 11:47:55.0929 4444 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 11:47:55.0946 4444 napagent - ok 11:47:55.0985 4444 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:47:55.0989 4444 NativeWifiP - ok 11:47:56.0037 4444 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 11:47:56.0043 4444 NDIS - ok 11:47:56.0080 
4444 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 11:47:56.0083 4444 NdisCap - ok 11:47:56.0109 4444 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:47:56.0110 4444 NdisTapi - ok 11:47:56.0151 4444 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:47:56.0152 4444 Ndisuio - ok 11:47:56.0198 4444 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:47:56.0200 4444 NdisWan - ok 11:47:56.0210 4444 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:47:56.0211 4444 NDProxy - ok 11:47:56.0225 4444 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:47:56.0227 4444 NetBIOS - ok 11:47:56.0256 4444 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:47:56.0259 4444 NetBT - ok 11:47:56.0278 4444 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 11:47:56.0279 4444 Netlogon - ok 11:47:56.0322 4444 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 11:47:56.0326 4444 Netman - ok 11:47:56.0347 4444 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 11:47:56.0352 4444 netprofm - ok 11:47:56.0436 4444 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:47:56.0440 4444 NetTcpPortSharing - ok 11:47:56.0738 4444 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys 11:47:56.0862 4444 NETw5s64 - ok 11:47:57.0253 4444 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 11:47:57.0346 4444 netw5v64 - ok 11:47:57.0401 4444 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 11:47:57.0404 4444 nfrd960 - ok 11:47:57.0463 4444 NlaSvc (1ee99a89cc788ada662441d1e9830529) 
C:\Windows\System32\nlasvc.dll 11:47:57.0466 4444 NlaSvc - ok 11:47:57.0481 4444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:47:57.0483 4444 Npfs - ok 11:47:57.0511 4444 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:47:57.0512 4444 nsi - ok 11:47:57.0527 4444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:47:57.0528 4444 nsiproxy - ok 11:47:57.0618 4444 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:47:57.0635 4444 Ntfs - ok 11:47:57.0695 4444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:47:57.0695 4444 Null - ok 11:47:57.0732 4444 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys 11:47:57.0734 4444 NVHDA - ok 11:47:58.0239 4444 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys 11:47:58.0472 4444 nvlddmkm - ok 11:47:58.0544 4444 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:47:58.0548 4444 nvraid - ok 11:47:58.0581 4444 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:47:58.0585 4444 nvstor - ok 11:47:58.0649 4444 NVSvc (8a55543c379b0582f0c33db447d1c892) C:\Windows\system32\nvvsvc.exe 11:47:58.0676 4444 NVSvc - ok 11:47:58.0695 4444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:47:58.0699 4444 nv_agp - ok 11:47:58.0775 4444 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:47:58.0790 4444 odserv - ok 11:47:58.0814 4444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:47:58.0817 4444 ohci1394 - ok 11:47:58.0851 4444 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:47:58.0855 4444 ose - ok 11:47:58.0888 4444 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) 
C:\Windows\system32\pnrpsvc.dll 11:47:58.0905 4444 p2pimsvc - ok 11:47:58.0935 4444 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:47:58.0950 4444 p2psvc - ok 11:47:58.0975 4444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:47:58.0979 4444 Parport - ok 11:47:59.0012 4444 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 11:47:59.0014 4444 partmgr - ok 11:47:59.0028 4444 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:47:59.0031 4444 PcaSvc - ok 11:47:59.0049 4444 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:47:59.0051 4444 pci - ok 11:47:59.0067 4444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:47:59.0070 4444 pciide - ok 11:47:59.0087 4444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 11:47:59.0092 4444 pcmcia - ok 11:47:59.0121 4444 PCTBD (99a3a277a99c437283324067970e1d37) C:\Windows\system32\Drivers\PCTBD64.sys 11:47:59.0124 4444 PCTBD - ok 11:47:59.0176 4444 PCTCore (dbb55b4da79a6f59b63e233907ba6bae) C:\Windows\system32\drivers\PCTCore64.sys 11:47:59.0179 4444 PCTCore - ok 11:47:59.0230 4444 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys 11:47:59.0248 4444 pctDS - ok 11:47:59.0299 4444 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys 11:47:59.0326 4444 pctEFA - ok 11:47:59.0386 4444 PCTFW-PacketFilter (f48e1ee1e1819e6d3641b676848d4130) C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys 11:47:59.0390 4444 PCTFW-PacketFilter - ok 11:47:59.0451 4444 pctgntdi (5b4b9d0e748aa06a8887fe79351c91f3) C:\Windows\System32\drivers\pctgntdi64.sys 11:47:59.0454 4444 pctgntdi - ok 11:47:59.0488 4444 pctNdisLW64 (2cd661d05c2049fb1264e70b2226a845) C:\Windows\system32\DRIVERS\pctNdisLW64.sys 11:47:59.0490 4444 pctNdisLW64 - ok 11:47:59.0525 4444 pctplfw 
(60aaf5f37104d77e328b96eea4cf0a01) C:\Windows\System32\drivers\pctplfw64.sys 11:47:59.0530 4444 pctplfw - ok 11:47:59.0569 4444 pctplsg (db1f94051396af34fe521bfeececdb53) C:\Windows\System32\drivers\pctplsg64.sys 11:47:59.0571 4444 pctplsg - ok 11:47:59.0605 4444 PCTSD (afa19eff0197c474379ed904e25a995d) C:\Windows\system32\Drivers\PCTSD64.sys 11:47:59.0608 4444 PCTSD - ok 11:47:59.0630 4444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:47:59.0631 4444 pcw - ok 11:47:59.0670 4444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:47:59.0677 4444 PEAUTH - ok 11:47:59.0758 4444 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 11:47:59.0799 4444 PeerDistSvc - ok 11:47:59.0869 4444 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 11:47:59.0872 4444 PerfHost - ok 11:48:00.0545 4444 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:48:00.0587 4444 pla - ok 11:48:00.0631 4444 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll 11:48:00.0635 4444 PlugPlay - ok 11:48:00.0653 4444 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:48:00.0657 4444 PNRPAutoReg - ok 11:48:00.0685 4444 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:48:00.0688 4444 PNRPsvc - ok 11:48:00.0718 4444 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:48:00.0722 4444 PolicyAgent - ok 11:48:00.0754 4444 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:48:00.0757 4444 Power - ok 11:48:00.0836 4444 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:48:00.0838 4444 PptpMiniport - ok 11:48:00.0865 4444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 11:48:00.0868 4444 Processor - ok 11:48:00.0895 4444 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) 
C:\Windows\system32\profsvc.dll 11:48:00.0898 4444 ProfSvc - ok 11:48:00.0922 4444 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 11:48:00.0924 4444 ProtectedStorage - ok 11:48:00.0958 4444 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:48:00.0959 4444 Psched - ok 11:48:01.0034 4444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 11:48:01.0068 4444 ql2300 - ok 11:48:01.0145 4444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 11:48:01.0149 4444 ql40xx - ok 11:48:01.0178 4444 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 11:48:01.0189 4444 QWAVE - ok 11:48:01.0208 4444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 11:48:01.0211 4444 QWAVEdrv - ok 11:48:01.0227 4444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 11:48:01.0229 4444 RasAcd - ok 11:48:01.0268 4444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:48:01.0270 4444 RasAgileVpn - ok 11:48:01.0308 4444 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 11:48:01.0313 4444 RasAuto - ok 11:48:01.0348 4444 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:48:01.0350 4444 Rasl2tp - ok 11:48:01.0393 4444 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 11:48:01.0397 4444 RasMan - ok 11:48:01.0421 4444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:48:01.0423 4444 RasPppoe - ok 11:48:01.0441 4444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:48:01.0443 4444 RasSstp - ok 11:48:01.0482 4444 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:48:01.0485 4444 rdbss - ok 11:48:01.0497 4444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) 
C:\Windows\system32\DRIVERS\rdpbus.sys 11:48:01.0499 4444 rdpbus - ok 11:48:01.0508 4444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:48:01.0509 4444 RDPCDD - ok 11:48:01.0551 4444 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 11:48:01.0556 4444 RDPDR - ok 11:48:01.0579 4444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:48:01.0580 4444 RDPENCDD - ok 11:48:01.0598 4444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:48:01.0599 4444 RDPREFMP - ok 11:48:01.0633 4444 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 11:48:01.0636 4444 RdpVideoMiniport - ok 11:48:01.0654 4444 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 11:48:01.0661 4444 RDPWD - ok 11:48:01.0689 4444 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:48:01.0692 4444 rdyboost - ok 11:48:01.0713 4444 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 11:48:01.0717 4444 RemoteAccess - ok 11:48:01.0735 4444 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 11:48:01.0740 4444 RemoteRegistry - ok 11:48:01.0763 4444 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 11:48:01.0767 4444 RFCOMM - ok 11:48:01.0794 4444 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 11:48:01.0795 4444 RpcEptMapper - ok 11:48:01.0820 4444 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 11:48:01.0823 4444 RpcLocator - ok 11:48:01.0855 4444 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:48:01.0860 4444 RpcSs - ok 11:48:01.0887 4444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:48:01.0888 4444 rspndr - ok 11:48:01.0920 4444 s3cap 
(e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 11:48:01.0922 4444 s3cap - ok 11:48:01.0937 4444 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 11:48:01.0938 4444 SamSs - ok 11:48:01.0973 4444 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:48:01.0977 4444 sbp2port - ok 11:48:01.0998 4444 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 11:48:02.0001 4444 SCardSvr - ok 11:48:02.0036 4444 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:48:02.0039 4444 scfilter - ok 11:48:02.0103 4444 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 11:48:02.0139 4444 Schedule - ok 11:48:02.0180 4444 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:48:02.0181 4444 SCPolicySvc - ok 11:48:02.0264 4444 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe 11:48:02.0266 4444 sdAuxService - ok 11:48:02.0321 4444 sdCoreService (697e0a2a300ee8719cafae55b4771053) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe 11:48:02.0328 4444 sdCoreService - ok 11:48:02.0400 4444 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 11:48:02.0406 4444 SDRSVC - ok 11:48:02.0461 4444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:48:02.0462 4444 secdrv - ok 11:48:02.0499 4444 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 11:48:02.0501 4444 seclogon - ok 11:48:02.0519 4444 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 11:48:02.0521 4444 SENS - ok 11:48:02.0532 4444 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 11:48:02.0537 4444 SensrSvc - ok 11:48:02.0548 4444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 11:48:02.0551 4444 Serenum - ok 
11:48:02.0564 4444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 11:48:02.0567 4444 Serial - ok 11:48:02.0603 4444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 11:48:02.0606 4444 sermouse - ok 11:48:02.0774 4444 SesamService (ac105dbbb2506a8c7285b628c2b0a3a1) C:\Program Files (x86)\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe 11:48:02.0811 4444 SesamService - ok 11:48:02.0842 4444 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 11:48:02.0846 4444 SessionEnv - ok 11:48:02.0891 4444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 11:48:02.0893 4444 sffdisk - ok 11:48:02.0908 4444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:48:02.0911 4444 sffp_mmc - ok 11:48:02.0926 4444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 11:48:02.0928 4444 sffp_sd - ok 11:48:02.0946 4444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 11:48:02.0949 4444 sfloppy - ok 11:48:02.0984 4444 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 11:48:03.0001 4444 SharedAccess - ok 11:48:03.0026 4444 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 11:48:03.0031 4444 ShellHWDetection - ok 11:48:03.0049 4444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:48:03.0052 4444 SiSRaid2 - ok 11:48:03.0069 4444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 11:48:03.0072 4444 SiSRaid4 - ok 11:48:03.0103 4444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:48:03.0107 4444 Smb - ok 11:48:03.0142 4444 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 11:48:03.0145 4444 SNMPTRAP - ok 11:48:03.0430 4444 speedfan (12583af6cbe0050651eaf2723b3ad7b3) 
C:\Windows\syswow64\speedfan.sys 11:48:03.0433 4444 speedfan - ok 11:48:03.0443 4444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:48:03.0444 4444 spldr - ok 11:48:03.0477 4444 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 11:48:03.0497 4444 Spooler - ok 11:48:03.0652 4444 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 11:48:03.0696 4444 sppsvc - ok 11:48:03.0777 4444 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 11:48:03.0782 4444 sppuinotify - ok 11:48:03.0829 4444 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:48:03.0833 4444 srv - ok 11:48:03.0871 4444 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:48:03.0876 4444 srv2 - ok 11:48:03.0905 4444 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:48:03.0908 4444 srvnet - ok 11:48:03.0935 4444 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 11:48:03.0938 4444 SSDPSRV - ok 11:48:03.0952 4444 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 11:48:03.0955 4444 SstpSvc - ok 11:48:03.0983 4444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 11:48:03.0986 4444 stexstor - ok 11:48:04.0040 4444 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 11:48:04.0045 4444 stisvc - ok 11:48:04.0073 4444 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 11:48:04.0074 4444 storflt - ok 11:48:04.0090 4444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 11:48:04.0094 4444 storvsc - ok 11:48:04.0110 4444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:48:04.0111 4444 swenum - ok 11:48:04.0203 4444 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe 11:48:04.0218 4444 SwitchBoard - ok 11:48:04.0254 4444 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:48:04.0273 4444 swprv - ok 11:48:04.0289 4444 Synth3dVsc - ok 11:48:04.0383 4444 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 11:48:04.0421 4444 SysMain - ok 11:48:04.0515 4444 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 11:48:04.0519 4444 TabletInputService - ok 11:48:04.0563 4444 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 11:48:04.0567 4444 TapiSrv - ok 11:48:04.0583 4444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:48:04.0587 4444 TBS - ok 11:48:04.0692 4444 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys 11:48:04.0703 4444 Tcpip - ok 11:48:04.0832 4444 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys 11:48:04.0844 4444 TCPIP6 - ok 11:48:04.0924 4444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:48:04.0925 4444 tcpipreg - ok 11:48:04.0951 4444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:48:04.0954 4444 TDPIPE - ok 11:48:04.0959 4444 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 11:48:04.0962 4444 TDTCP - ok 11:48:04.0999 4444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:48:05.0001 4444 tdx - ok 11:48:05.0165 4444 TeamViewer6 (7c2f4d20af8267605607b483d88c8302) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe 11:48:05.0219 4444 TeamViewer6 - ok 11:48:05.0415 4444 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 11:48:05.0482 4444 TeamViewer7 - ok 11:48:05.0594 4444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 11:48:05.0595 4444 TermDD - ok 
11:48:05.0643 4444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 11:48:05.0660 4444 TermService - ok 11:48:05.0703 4444 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys 11:48:05.0704 4444 TfFsMon - ok 11:48:05.0723 4444 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys 11:48:05.0724 4444 TfNetMon - ok 11:48:05.0777 4444 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys 11:48:05.0781 4444 TFSysMon - ok 11:48:05.0809 4444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 11:48:05.0811 4444 Themes - ok 11:48:05.0833 4444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:48:05.0835 4444 THREADORDER - ok 11:48:05.0904 4444 ThreatFire - ok 11:48:05.0930 4444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:48:05.0933 4444 TrkWks - ok 11:48:05.0977 4444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 11:48:05.0980 4444 TrustedInstaller - ok 11:48:06.0014 4444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:48:06.0017 4444 tssecsrv - ok 11:48:06.0045 4444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:48:06.0049 4444 TsUsbFlt - ok 11:48:06.0053 4444 tsusbhub - ok 11:48:06.0092 4444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:48:06.0095 4444 tunnel - ok 11:48:06.0115 4444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:48:06.0118 4444 uagp35 - ok 11:48:06.0156 4444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:48:06.0172 4444 udfs - ok 11:48:06.0196 4444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:48:06.0200 4444 UI0Detect - ok 11:48:06.0232 4444 uliagpkx 
11:48:10.0247 4444 ============================================================
11:48:10.0247 4444 Scan finished
11:48:10.0247 4444 ============================================================
11:48:10.0261 3456 Detected object count: 0
11:48:10.0261 3456 Actual detected object count: 0

Edited May 5, 2012 by King-Nothing
Dr.Geek Posted May 5, 2012 (edited)

No, I haven't. The link is to the ComboFix instructions. The one I had in mind is this: http://www.diskusjon...howtopic=691246

TDSS Killer is OK. Continue with ComboFix. Post the log in a Spoiler, thanks.

Hi! Use "Spesiell BB Kode" (Special BB Code) and choose "Spoiler".

Edited May 5, 2012 by TheGenius
King-Nothing Posted May 5, 2012 Author

Well, you actually linked to a discussion about computer cases; check the link yourself. Here is the log from ComboFix:
[HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.mrw" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.nef" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.orf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pbm" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pbr" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pcd" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pct" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pcx" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pef" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pgm" . 
[HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pic" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pics" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pict" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pix" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-1051396789-1699662356-3098169049-1000) "Progid"="ACDSee Pro 2.5.png" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ppm" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.psd" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.psp" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pspbrush" . 
[HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.pspimage" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.qcp" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.qtpf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.raf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ras" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.raw" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.rgb" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.rgba" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.rle" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.rsb" . 
[HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.rw2" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.sdv" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.sfil" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.sgi" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.smf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.smi" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.smil" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.sml" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.sr2" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.srf" . 
[HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.swa" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.tga" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.thm" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.tif" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.tiff" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ttc" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ttf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.ulw" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.v25po" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.v25pp" . 
[HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.v25ppf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.vfw" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.wbm" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.wbmp" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.wmf" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.xbm" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.xif" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.xmp" . [HKEY_USERS\S-1-5-21-1051396789-1699662356-3098169049-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 2.5.xpm" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
Tidspunkt ferdig: 2012-05-05 12:36:45
ComboFix-quarantined-files.txt 2012-05-05 10:36
ComboFix2.txt 2012-05-03 22:35
.
Pre-Run: 105 865 854 976 byte ledig
Post-Run: 105 674 280 960 byte ledig
.
- - End Of File - - AA4BA0D43D49C8F2FD1924BD8207BC55
Dr.Geek Posted 5 May 2012 (edited)
OK. Post an OTL.log for me. We will clean the PC with it and check for "malware leftovers". This should make the PC faster again. http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/ (only otl.txt!)
Edited 5 May 2012 by TheGenius
King-Nothing (author) Posted 5 May 2012
Otl.txt:
OTL logfile created on: 05.05.2012 13:05:50 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Laptop\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 45,20% Memory free
7,99 Gb Paging File | 5,78 Gb Available in Paging File | 72,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 98,49 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive D: | 319,27 Gb Total Space | 283,62 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Drive E: | 699,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.05 13:05:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
PRC - [2012.03.31 17:37:33 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.03.20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.29 00:17:28 | 001,523,712 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2010.10.06 22:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009.02.17 11:27:30 | 001,237,800 | ---- | M] (Swisscom) -- C:\Program Files (x86)\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.15 19:17:19 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012.04.10 22:04:39 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2012.03.31 17:38:09 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012.03.31 17:38:09 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012.03.31 17:38:09 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012.03.31 17:38:09 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012.03.31 17:38:09 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012.03.31 17:38:08 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012.03.31 17:38:07 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012.03.31 17:38:07 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012.03.31 17:38:06 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012.03.31 17:38:06 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012.03.31 17:38:06 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012.03.31 17:38:06 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012.03.31 17:38:06 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2010.10.04 19:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll
MOD - [2010.10.04 19:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010.10.04 19:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll
MOD - [2010.08.15 20:34:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
MOD - [2008.09.06 14:51:16 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2007.08.05 03:10:52 | 000,250,368 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012.04.12 17:28:06 | 000,087,344 | ---- | M] (MacPaw Inc.) [Auto | Running] -- C:\Program Files\CleanMyPC\CleanMyPCService.exe -- (CleanMyPCService)
SRV:64bit: - [2011.12.01 12:19:46 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Jotta\jottaVSS.exe -- (jottaVSS)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.15 19:17:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012.03.20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012.03.20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012.03.20 11:11:46 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.17 11:27:30 | 001,237,800 | ---- | M] (Swisscom) [Auto | Running] -- C:\Program Files (x86)\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe -- (SesamService)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012.05.03 19:00:29 | 000,181,512 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2012.05.03 19:00:28 | 000,077,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctNdisLW64.sys -- (pctNdisLW64)
DRV:64bit: - [2012.05.03 19:00:26 | 000,122,784 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2012.03.20 13:50:48 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012.03.20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012.03.20 13:43:36 | 000,339,608 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012.03.20 12:21:14 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012.03.20 11:11:48 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2012.03.20 11:11:46 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2012.03.20 11:11:46 | 000,041,968 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2012.03.16 12:15:42 | 000,426,104 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012.02.28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012.02.28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.15 12:46:36 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.10.02 10:08:56 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010.08.27 13:54:02 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 12:06:58 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2010.03.20 10:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.01.31 00:30:52 | 000,383,784 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV:64bit: - [2009.01.31 00:30:52 | 000,056,104 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wtsmpadap.sys -- (wtsmpadap)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = no
IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 7A A4 6C D4 8C CB 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "http://no.woofi.info/" FF - prefs.js..browser.startup.homepage: "http://no.woofi.info/" FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2 FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.8 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165 FF - prefs.js..extensions.enabledItems: [email protected]:0.9.7 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll 
(Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Laptop\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012.05.02 19:13:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.23 21:57:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 15:14:00 | 000,000,000 | ---D | M] [2011.03.14 23:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions [2012.04.29 15:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\txv6mpnk.default\extensions [2012.03.23 21:59:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\txv6mpnk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.03.15 12:46:10 | 000,002,059 | ---- | M] () -- 
C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\txv6mpnk.default\searchplugins\daemon-search.xml [2012.03.23 21:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions () (No name found) -- C:\USERS\LAPTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TXV6MPNK.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI () (No name found) -- C:\USERS\LAPTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TXV6MPNK.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI () (No name found) -- C:\USERS\LAPTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TXV6MPNK.DEFAULT\EXTENSIONS\[email protected] () (No name found) -- C:\USERS\LAPTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TXV6MPNK.DEFAULT\EXTENSIONS\[email protected] () (No name found) -- C:\USERS\LAPTOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TXV6MPNK.DEFAULT\EXTENSIONS\[email protected] [2012.03.23 21:57:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.03.23 21:57:22 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.03.23 21:57:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.23 21:57:22 | 000,001,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bok-NO.xml [2012.03.23 21:57:22 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qxl-NO.xml [2012.03.23 21:57:22 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonkatalogen-NO.xml [2012.03.23 21:57:22 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-NO.xml [2012.03.23 21:57:22 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-NO.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Laptop\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Laptop\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll O1 HOSTS File: ([2012.05.05 12:14:50 | 000,000,027 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ClueIEAddin) - {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - C:\Clue\adxloader.dll (Add-in Express Ltd) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\Laptop\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Dropbox.lnk = C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Laptop\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09082641-F8F3-4877-A085-99AAB573CF9A}: DhcpNameServer = 193.213.112.4 130.67.15.198 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C218959D-3D1A-45E5-B2DA-4B1A2A5A94C5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.24 12:11:04 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.05 13:05:10 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe [2012.05.05 12:36:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.05.05 11:47:35 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\tdsskiller [2012.05.05 11:32:57 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{80450B2C-3422-4C5B-9AA7-1262653B77F0} [2012.05.05 11:32:12 | 000,000,000 | ---D | C] -- 
C:\Users\Laptop\AppData\Local\{A35F2DDA-0494-4858-9ACB-7B7EAF25F03B} [2012.05.05 11:09:20 | 000,000,000 | ---D | C] -- C:\Users\Laptop\DoctorWeb [2012.05.05 10:55:45 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{2DEB05AB-3A09-4908-96BF-9300F79E4AFD} [2012.05.05 10:25:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.05.05 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\CleanMyPC [2012.05.04 21:06:24 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{A2729AEF-B1D5-4BDC-B21E-8F2274739C3B} [2012.05.04 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{26F97EC1-B30F-4428-B70B-AED52ADD3FBA} [2012.05.04 20:41:39 | 000,706,776 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2012.05.04 20:41:39 | 000,065,664 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2012.05.04 20:41:39 | 000,041,968 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2012.05.04 01:07:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.05.03 19:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.05.03 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\PC Tools [2012.05.03 19:07:20 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Spam Monitor [2012.05.03 19:00:29 | 000,181,512 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys [2012.05.03 19:00:28 | 000,077,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdisLW64.sys [2012.05.03 19:00:26 | 000,122,784 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys [2012.05.03 09:43:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{E76F55BF-5304-44E5-B3C8-1463B3570868} [2012.05.03 09:42:31 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{31FD9E45-606D-4A73-92DE-F7E80A9C9E3D} [2012.05.03 08:15:51 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012.05.03 08:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma 
Software Group [2012.05.02 19:16:47 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Malwarebytes [2012.05.02 19:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.02 19:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.02 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.02 19:15:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.05.02 19:15:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.05.02 19:15:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.05.02 19:13:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.05.02 19:12:54 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys [2012.05.02 19:12:51 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2012.05.02 19:12:49 | 002,271,160 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2012.05.02 19:12:48 | 001,681,336 | ---- | C] (Threat Expert Ltd.) 
-- C:\Windows\PCTBDRes.dll [2012.05.02 19:11:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.05.02 19:11:09 | 000,339,608 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2012.05.02 19:11:09 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2012.05.02 19:10:56 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys [2012.05.02 19:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2012.05.02 19:10:43 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2012.05.02 19:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012.05.02 19:08:15 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys [2012.05.02 19:08:15 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys [2012.05.02 19:08:07 | 000,426,104 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2012.05.02 19:08:02 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012.05.02 19:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012.05.02 19:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.05.02 19:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.05.02 19:07:21 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\TestApp [2012.05.02 18:45:19 | 000,000,000 | ---D | C] -- C:\USERS\LAPTOP\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Data Recovery [2012.05.02 17:05:35 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{A03C80F8-7578-49E6-BEB1-096595523F05} [2012.05.02 17:04:55 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{4D2A7420-C2DF-417F-A89D-CD3D2AC8030B} [2012.05.02 05:04:01 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{CBF387F5-45D7-45D6-959A-E7E99850FDCB} [2012.05.02 05:03:21 | 000,000,000 | ---D | C] -- 
C:\Users\Laptop\AppData\Local\{782DC2C1-6AC5-4C7D-B21C-1B83A1FB0AD0} [2012.05.01 17:02:27 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{163F6D07-167F-4842-B644-3BC644AE9220} [2012.05.01 17:01:47 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{D5E5227D-F6EB-4CA2-B309-B7235D2501C1} [2012.04.30 23:04:00 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{A5961688-843E-46EF-9817-F4F7DE3ECA97} [2012.04.30 23:03:20 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{C47856CF-8A0D-4241-8034-585AF923B485} [2012.04.30 11:02:24 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{9A64F6FC-CCA3-499D-87E5-45F18B6A6A0A} [2012.04.30 11:01:44 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{D4DD0248-1167-4389-B777-66921483345B} [2012.04.29 23:01:01 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{6A6C4D5C-78BA-426E-93B5-E3B0DA040F56} [2012.04.29 23:00:21 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{A15F43C1-B271-40A6-B432-10EDA87A5D2E} [2012.04.29 16:58:50 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Documents\Josefine [2012.04.29 16:57:25 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2012.04.29 16:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Josefine [2012.04.29 16:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Josefine [2012.04.29 10:59:39 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{33B1AD16-7A34-4B72-B7CA-F80DC97495B5} [2012.04.29 10:58:59 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{A1952A4B-9617-4EAF-A921-DF10E0EDD9F8} [2012.04.28 22:58:17 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{80AB3DC3-F369-4ED6-9218-D549DB3D304D} [2012.04.28 22:57:37 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{B72E74B0-5CE6-474F-AA13-BD135FFA8D17} [2012.04.28 10:56:54 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\{E8CC4CD8-C320-43A1-800B-C147B70245CE} 
[2012.04.11 22:48:12 | 000,000,000 | ---D | C] -- C:\USERS\LAPTOP\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Facebook [2012.04.11 22:47:52 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Facebook [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.05 13:05:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe [2012.05.05 12:48:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000UA.job [2012.05.05 12:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.05 12:14:50 | 000,000,027 | ---- | M] () --
C:\Windows\SysNative\drivers\etc\hosts [2012.05.05 11:47:23 | 002,055,783 | ---- | M] () -- C:\Users\Laptop\Desktop\tdsskiller.zip [2012.05.05 11:38:04 | 000,014,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.05 11:38:04 | 000,014,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.05 11:34:41 | 002,798,460 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2012.05.05 11:34:41 | 001,440,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.05 11:34:41 | 000,897,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.05 11:34:41 | 000,891,280 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2012.05.05 11:34:41 | 000,004,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.05 11:31:45 | 001,433,571 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.05.05 11:30:01 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.05.05 11:08:42 | 084,638,576 | ---- | M] () -- C:\Users\Laptop\Desktop\9nm435bk.exe [2012.05.05 10:52:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000UA.job [2012.05.04 22:52:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000Core.job [2012.05.04 17:48:01 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000Core.job [2012.05.04 01:08:25 | 000,000,184 | ---- | M] () -- C:\ProgramData\-xsivsBNQ9ebjPfr [2012.05.04 01:08:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-xsivsBNQ9ebjPf [2012.05.03 19:00:29 | 000,181,512 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys [2012.05.03 19:00:28 | 000,077,976 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdisLW64.sys [2012.05.03 19:00:26 | 000,122,784 | ---- | M] 
(PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys [2012.05.02 18:49:42 | 005,143,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.04.30 18:55:00 | 000,001,456 | ---- | M] () -- C:\Users\Laptop\AppData\Local\Adobe Save for Web 12.0 Prefs [2012.04.21 22:52:44 | 000,004,096 | ---- | M] () -- C:\Users\Laptop\AppData\Local\keyfile3.drm [2012.04.08 19:26:09 | 000,147,904 | ---- | M] () -- C:\Windows\SysWow64\mlfcache.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.05 11:47:22 | 002,055,783 | ---- | C] () -- C:\Users\Laptop\Desktop\tdsskiller.zip [2012.05.05 11:08:02 | 084,638,576 | ---- | C] () -- C:\Users\Laptop\Desktop\9nm435bk.exe [2012.05.04 20:53:22 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2012.05.04 20:53:22 | 000,002,496 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.05.04 20:53:22 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.05.04 20:53:22 | 000,001,452 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2012.05.04 20:53:22 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2012.05.04 20:53:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.05.04 20:53:22 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2012.05.04 20:53:22 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2012.05.04 20:53:22 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.05.04 20:53:22 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk 
[2012.05.04 20:53:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.05.04 20:53:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.05.04 20:53:21 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk [2012.05.04 20:53:21 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.05.04 20:53:21 | 000,001,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.05.04 20:53:21 | 000,001,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2012.05.04 20:53:21 | 000,001,363 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk [2012.05.04 20:53:21 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.05.04 20:53:21 | 000,001,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk [2012.05.04 20:53:21 | 000,001,217 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk [2012.05.04 20:53:21 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk [2012.05.04 20:53:21 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.05.04 20:53:21 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk [2012.05.04 20:53:21 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.05.02 19:15:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.05.02 19:15:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.05.02 19:15:15 | 
000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.05.02 19:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.05.02 19:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.02 19:12:52 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll [2012.05.02 19:12:51 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip [2012.05.02 19:12:51 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2012.05.02 19:12:51 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2012.05.02 19:12:51 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2012.05.02 19:08:16 | 001,433,571 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.05.02 18:45:19 | 000,000,184 | ---- | C] () -- C:\ProgramData\-xsivsBNQ9ebjPfr [2012.05.02 18:45:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\-xsivsBNQ9ebjPf [2012.04.21 22:52:44 | 000,004,096 | ---- | C] () -- C:\Users\Laptop\AppData\Local\keyfile3.drm [2012.04.15 19:17:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.11 22:47:57 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000UA.job [2012.04.11 22:47:54 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000Core.job [2011.06.01 21:35:34 | 000,147,904 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.05.12 20:17:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.27 16:46:52 | 001,250,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.17 00:04:24 | 000,001,456 | ---- | C] () -- C:\Users\Laptop\AppData\Local\Adobe Save for Web 12.0 Prefs [2011.03.15 13:58:10 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== LOP Check ========== [2011.04.01 22:21:07 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\ACD Systems [2011.05.05 00:17:53 | 000,000,000 | ---D | M] -- 
C:\Users\Laptop\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.05.05 10:11:59 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\CleanMyPC [2011.03.15 10:50:09 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Clue [2011.03.15 12:53:28 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\DAEMON Tools Lite [2012.05.03 16:22:25 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Dropbox [2012.05.02 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\FileZilla [2011.05.08 10:58:09 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\LPC [2012.05.05 10:11:19 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Notepad++ [2011.12.19 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Obsidium [2011.06.27 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Opera [2011.06.27 13:08:14 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Option [2011.07.08 23:39:49 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\PacificPoker [2012.05.03 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Spam Monitor [2012.04.29 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Spotify [2011.03.15 13:43:37 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.03.13 20:40:30 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Stardock [2011.03.17 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Steinberg [2011.03.17 18:56:15 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\SWiSH Max4 [2012.05.04 21:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\TeamViewer [2012.05.02 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\TestApp [2011.03.15 21:15:10 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Thinstall [2012.05.04 21:37:50 | 000,000,000 | ---D | 
M] -- C:\Users\Laptop\AppData\Roaming\uTorrent [2011.03.14 23:41:56 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\Windows Live Writer [2012.05.04 22:52:01 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000Core.job [2012.05.05 10:52:02 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1051396789-1699662356-3098169049-1000UA.job [2009.07.14 07:08:49 | 000,020,952 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report >
Dr.Geek Posted 5 May 2012

Otl.txt: OTL Fix. Close all running programs and disable all antivirus guards. Open OTL.exe as Administrator. Copy and paste the following text into the white text box in OTL.

:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = no
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 7A A4 6C D4 8C CB 01 [binary data]
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "http://no.woofi.info/"
FF - prefs.js..browser.startup.homepage: "http://no.woofi.info/"
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
[2012.05.03 08:15:51 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.05.04 01:08:25 | 000,000,184 | ---- | M] () -- C:\ProgramData\-xsivsBNQ9ebjPfr
[2012.05.04 01:08:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-xsivsBNQ9ebjPf
[2012.04.21 22:52:44 | 000,004,096 | ---- | M] () -- C:\Users\Laptop\AppData\Local\keyfile3.drm
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click: FIX. The PC will restart and a log will come up. Post it.
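Added example (not part of the thread and not OTL's own code): a Python parser for the OTL file-listing and Alternate Data Stream entries shown in the posted log, which copes with entries run together on one line and flags the kinds of entries the fix script above singles out. The rule names and the three heuristics are assumptions for illustration; the sample text is assembled from entries in the posted log.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Where an entry's path stops: the next entry, a "[1 C:\...*.tmp files" note,
# a section banner, an ADS line, the end-of-report marker, or end of text.
_STOP = r"(?=\s*(?:\[\d{4}\.\d{2}\.|\[\d+ [A-Za-z]:\\|={5,}|@Alternate|<\s*End|$))"

# [date time | size | attrs | C or M] (company) -- path
# Folder entries carry no "(company)" group at all.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)" + _STOP,
    re.S,
)
ADS_RE = re.compile(
    r"@Alternate Data Stream - \d+ bytes -> (?P<target>.+?)" + _STOP, re.S)


@dataclass(frozen=True)
class Entry:
    ts: str
    size: int
    attrs: str
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None for folders, "" when no company name
    path: str


def parse_entries(text: str) -> Iterator[Entry]:
    """Yield every file/folder entry, even when the log has lost its newlines."""
    for m in ENTRY_RE.finditer(text):
        yield Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                    m["kind"], m["company"], m["path"])


def triage(text: str) -> List[Tuple[str, str]]:
    """Return sorted (rule, path) pairs. Rules are illustrative assumptions."""
    findings = set()
    files = [e for e in parse_entries(text) if "D" not in e.attrs]
    for e in files:
        parent = ntpath.dirname(e.path).lower()
        ext = ntpath.splitext(e.path)[1]
        # Rule 1: extensionless file with no company name directly in ProgramData.
        if parent == r"c:\programdata" and not e.company and not ext:
            findings.add(("no-company-extensionless-in-programdata-root", e.path))
        # Rule 2: zero-byte file whose name is a prefix of a sibling's name.
        if e.size == 0 and any(
                o.path != e.path and o.path.startswith(e.path)
                and ntpath.dirname(o.path) == ntpath.dirname(e.path)
                for o in files):
            findings.add(("zero-byte-prefix-twin", e.path))
    # Rule 3: every reported alternate data stream is worth a manual look.
    for m in ADS_RE.finditer(text):
        findings.add(("alternate-data-stream", m["target"]))
    return sorted(findings)


# Sample assembled from entries in the posted log, run together as on the page.
SAMPLE = (
    r"========== Files - Modified Within 30 Days ========== "
    r"[2012.05.05 13:05:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe "
    r"[2012.05.05 12:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job "
    r"[2012.05.04 01:08:25 | 000,000,184 | ---- | M] () -- C:\ProgramData\-xsivsBNQ9ebjPfr "
    r"[2012.05.04 01:08:25 | 000,000,000 | ---- | M] () -- C:\ProgramData\-xsivsBNQ9ebjPf "
    r"[2012.05.03 19:00:29 | 000,181,512 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys "
    r"========== Files Created - No Company Name ========== "
    r"[2012.05.02 18:45:19 | 000,000,184 | ---- | C] () -- C:\ProgramData\-xsivsBNQ9ebjPfr "
    r"========== Alternate Data Streams ========== "
    r"@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2 "
    r"@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 "
    r"< End of report >"
)

if __name__ == "__main__":
    for rule, path in triage(SAMPLE):
        print(f"{rule:46} {path}")
```

A hit from these rules is a prompt for manual review, not a verdict; the same path listed in several log sections is reported once.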
King-Nothing (Author) Posted 5 May 2012

I did what you said, but no log came up when the machine restarted...
Dr.Geek Posted 5 May 2012

Yes, it does. The PC should restart automatically, and after the restart a log comes up. The log is saved in the same folder that OTL was saved in.