Bundespolizei Malware, Austria

This topic contains 14 replies and 2 participants. It was last updated by Jintan on 29 September 2012 at 23:49.

  • #39212

    Hello.

    It’s easier to explain things in English, if you don’t mind. I understand German very well, but to write things down would be an incomprehensible thing.

    So, what happened:

    I opened a website using Internet Explorer, and immediately I got a notification “Bundespolizei”, asking me to transfer money, which of course I did not. The notification blocked my screen and I could not close it. I could Alt+Tab my open windows, but could not access them. After restarting the computer, the notification was still there. I restarted again with my internet cable unplugged. Now I had the Windows screen without the police notification. I could access my files without any problems. I plugged in the network cable while the computer was running and received the police notification immediately. I unplugged the cable again and started the computer again. Again no notification. Now I ran a whole computer scan with AVG, but it did not find anything. However, during the scan I opened my Task Manager (Ctrl+Shift+Esc) and before opening it, AVG blocked the file and moved it to the vault. The file was named “MOLBCRY.EXE” and was located in “appdata\Local\Temp”. After that I restarted my computer without the internet and then again with the internet connection and no notification appeared in any of the cases. This was last week. Until then I tried restarting the computer several times and there was no “bundespolizei” notification. I have all the files backed up. Today I ran the OTL scan (after reading this forum) and received the following log:
    OTL.Txt

    OTL logfile created on: 8/31/2012 9:28:27 AM – Run 2
    OTL by OldTimer – Version 3.2.59.1     Folder = C:UsersMatejaDesktop
     Professional  (Version = 6.1.7600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy
     
    2.94 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 74.84% Memory free
    5.87 Gb Paging File | 5.15 Gb Available in Paging File | 87.76% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 454.82 Gb Total Space | 168.63 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS
     
    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC – C:UsersMatejaDesktopOTL.exe (OldTimer Tools)
    PRC – C:Windowsexplorer.exe (Microsoft Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD – C:Program FilesWinRARrarext.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV – (SkypeUpdate) — C:Program FilesSkypeUpdaterUpdater.exe (Skype Technologies)
    SRV – (vToolbarUpdater11.2.0) — C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe ()
    SRV – (Akamai) — c:program filescommon filesakamai/netsession_win_4f7fccd.dll ()
    SRV – (TeamViewer6) — C:Program FilesTeamViewerVersion6TeamViewer_Service.exe (TeamViewer GmbH)
    SRV – (AVGIDSAgent) — C:Program FilesAVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV – (AVG Security Toolbar Service) — C:Program FilesAVGAVG10ToolbarToolbarBroker.exe ()
    SRV – (SUService) — C:Program FilesLenovoSystem UpdateSUService.exe (Lenovo Group Limited)
    SRV – (avgwd) — C:Program FilesAVGAVG10avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV – (WatAdminSvc) — C:WindowsSystem32WatWatAdminSvc.exe (Microsoft Corporation)
    SRV – (ServiceLayer) — C:Program FilesPC Connectivity SolutionServiceLayer.exe (Nokia)
    SRV – (FLEXnet Licensing Service) — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe (Acresso Software Inc.)
    SRV – (UNS) — C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (Intel Corporation)
    SRV – (LMS) — C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (Intel Corporation)
    SRV – (Power Manager DBC Service) — C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE (Lenovo)
    SRV – (ThinkVantage Registry Monitor Service) — C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe (Lenovo Group Limited)
    SRV – (LBTServ) — C:Program FilesCommon FileslogishrdBluetoothLBTServ.exe (Logitech, Inc.)
    SRV – (StorSvc) — C:WindowsSystem32StorSvc.dll (Microsoft Corporation)
    SRV – (SensrSvc) — C:WindowsSystem32sensrsvc.dll (Microsoft Corporation)
    SRV – (PeerDistSvc) — C:WindowsSystem32PeerDistSvc.dll (Microsoft Corporation)
    SRV – (WinDefend) — C:Program FilesWindows Defendermpsvc.dll (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV – (Lavasoft Kernexplorer) — C:Program FilesLavasoftAd-AwareKernExplorer.sys File not found
    DRV – (AVGIDSDriver) — C:WindowsSystem32driversAVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV – (Avgtdix) — C:WindowsSystem32driversavgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV – (Avgrkx86) — C:WindowsSystem32driversavgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV – (Avgmfx86) — C:WindowsSystem32driversavgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV – (AVGIDSEH) — C:WindowsSystem32driversAVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV – (AVGIDSShim) — C:WindowsSystem32driversAVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV – (AVGIDSFilter) — C:WindowsSystem32driversAVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV – (Avgldx86) — C:WindowsSystem32driversavgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV – (UsbserFilt) — C:WindowsSystem32driversusbser_lowerfltj.sys (Nokia)
    DRV – (upperdev) — C:WindowsSystem32driversusbser_lowerflt.sys (Nokia)
    DRV – (nmwcdc) — C:WindowsSystem32driversccdcmbo.sys (Nokia)
    DRV – (nmwcd) — C:WindowsSystem32driversccdcmb.sys (Nokia)
    DRV – (nmwcdnsu) — C:WindowsSystem32driversnmwcdnsu.sys (Nokia)
    DRV – (nmwcdnsuc) — C:WindowsSystem32driversnmwcdnsuc.sys (Nokia)
    DRV – (RTL8192su) — C:WindowsSystem32driversRTL8192su.sys (Realtek Semiconductor Corporation                           )
    DRV – (sptd) — C:WindowsSystem32driverssptd.sys (Duplex Secure Ltd.)
    DRV – (vpcvmm) — C:WindowsSystem32driversvpcvmm.sys (Microsoft Corporation)
    DRV – (vpcbus) — C:WindowsSystem32driversvpchbus.sys (Microsoft Corporation)
    DRV – (vpcusb) — C:WindowsSystem32driversvpcusb.sys (Microsoft Corporation)
    DRV – (vpcnfltr) — C:WindowsSystem32driversvpcnfltr.sys (Microsoft Corporation)
    DRV – (pelusblf) — C:WindowsSystem32driversPELUSBLF.SYS (TPMX Electronics Ltd.)
    DRV – (pelmouse) — C:WindowsSystem32driversPELMOUSE.SYS (TPMX Electronics Ltd.)
    DRV – (TVTI2C) — C:WindowsSystem32driverstvti2c.sys (Lenovo (United States) Inc.)
    DRV – (e1kexpress) — C:WindowsSystem32driverse1k6232.sys (Intel Corporation)
    DRV – (nvlddmkm) — C:WindowsSystem32driversnvlddmkm.sys (NVIDIA Corporation)
    DRV – (HECI) — C:WindowsSystem32driversHECI.sys (Intel Corporation)
    DRV – (NVHDA) — C:WindowsSystem32driversnvhda32v.sys (NVIDIA Corporation)
    DRV – (vmbus) — C:WindowsSystem32driversvmbus.sys (Microsoft Corporation)
    DRV – (storflt) — C:WindowsSystem32driversvmstorfl.sys (Microsoft Corporation)
    DRV – (storvsc) — C:WindowsSystem32driversstorvsc.sys (Microsoft Corporation)
    DRV – (vwifimp) — C:WindowsSystem32driversvwifimp.sys (Microsoft Corporation)
    DRV – (WinUsb) — C:WindowsSystem32driverswinusb.sys (Microsoft Corporation)
    DRV – (s3cap) — C:WindowsSystem32driversvms3cap.sys (Microsoft Corporation)
    DRV – (VMBusHID) — C:WindowsSystem32driversVMBusHID.sys (Microsoft Corporation)
    DRV – (TPM) — C:WindowsSystem32driverstpm.sys (Microsoft Corporation)
    DRV – (netw5v32) — C:WindowsSystem32driversnetw5v32.sys (Intel Corporation)
    DRV – (psadd) — C:WindowsSystem32driverspsadd.sys (Lenovo (United States) Inc.)
    DRV – (LUsbFilt) — C:WindowsSystem32driversLUsbFilt.sys (Logitech, Inc.)
    DRV – (LMouFilt) — C:WindowsSystem32driversLMouFilt.Sys (Logitech, Inc.)
    DRV – (LHidFilt) — C:WindowsSystem32driversLHidFilt.Sys (Logitech, Inc.)
    DRV – (pccsmcfd) — C:WindowsSystem32driverspccsmcfd.sys (Nokia)
    DRV – (LVUSBSta) — C:WindowsSystem32driversLVUSBSta.sys (Logitech Inc.)
    DRV – (PID_PEPI) — C:WindowsSystem32driversLV302V32.SYS (Logitech Inc.)
    DRV – (LVRS) — C:WindowsSystem32driverslvrs.sys (Logitech Inc.)
    DRV – (pepifilter) — C:WindowsSystem32driverslv302af.sys (Logitech Inc.)
    DRV – (athrusb) — C:WindowsSystem32driversathrusb.sys (Atheros Communications, Inc.)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE – HKLM..SearchScopes,DefaultScope = {B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}
    IE – HKLM..SearchScopes{B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
     
     
    IE – HKU.DEFAULT..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} – No CLSID value found
    IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
    IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = 
     
    IE – HKUS-1-5-18..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} – No CLSID value found
    IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
    IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = 
     
    IE – HKUS-1-5-19SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
     
     
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://lenovo.msn.com
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.si/
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..SearchScopes,DefaultScope = {1291DCB8-B322-4588-93A8-7892589628F4}
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..SearchScopes{1291DCB8-B322-4588-93A8-7892589628F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41D2705F-F133-416F-B5C8-039E30057B76}&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&lang=us&ds=AVG&pr=fr&d=2011-12-08 11:24:48&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
     
    ========== FireFox ==========
     
    FF – prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF – prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF – prefs.js..extensions.enabledItems: {12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}:2.0.54.0
    FF – prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF – prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF – prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7
    FF – prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.7&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q="
    FF – user.js – File not found
     
    FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll ()
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=:  File not found
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
    FF – HKLMSoftwareMozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:Program FilesCommon FilesAVG Secure SearchSiteSafetyInstaller11.2.0\npsitesafety.dll ()
    FF – HKLMSoftwareMozillaPlugins@garmin.com/GpsControl: C:Program FilesGarmin GPS PluginnpGarmin.dll (GARMIN Corp.)
    FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
    FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation)
    FF – HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:UsersMatejaAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)
    FF – HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:UsersMatejaAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)
     
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:Program FilesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtension [2011/02/11 15:06:39 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG10Firefox4 [2012/02/02 19:23:27 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\avg@toolbar: C:ProgramDataAVG Secure Search11.1.0.12 [2012/07/12 19:32:49 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.25extensions\Components: C:Program FilesMozilla Firefoxcomponents [2012/02/19 14:05:29 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.25extensions\Plugins: C:Program FilesMozilla Firefoxplugins [2012/02/19 14:05:29 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaThunderbirdExtensions\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:Program FilesNokiaNokia Ovi SuiteConnectorsThunderbird ConnectorThunderbirdExtension [2011/02/11 15:06:39 | 000,000,000 | —D | M]
     
    [2010/06/23 14:47:56 | 000,000,000 | —D | M] (No name found) — C:UsersMatejaAppDataRoamingmozillaExtensions
    [2012/01/22 21:37:00 | 000,000,000 | —D | M] (No name found) — C:UsersMatejaAppDataRoamingmozillaFirefoxProfilesrfmwrfe8.defaultextensions
    [2011/02/15 12:32:31 | 000,000,000 | —D | M] (Hermes SoftLab DigSigSDK) — C:UsersMatejaAppDataRoamingmozillaFirefoxProfilesrfmwrfe8.defaultextensions{12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}
    [2011/11/24 20:07:29 | 000,000,000 | —D | M] (No name found) — C:Program Filesmozilla firefoxextensions
    [2012/03/09 21:30:19 | 000,000,000 | —D | M] (Skype Click to Call) — C:Program Filesmozilla firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/24 20:07:29 | 000,000,000 | —D | M] (Java Console) — C:Program Filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/02/11 15:06:39 | 000,000,000 | —D | M] (Firefox Synchronisation Extension) — C:PROGRAM FILESNOKIANOKIA OVI SUITECONNECTORSBOOKMARKS CONNECTORFIREFOXEXTENSION
    [2012/06/16 11:12:57 | 000,000,000 | —D | M] (AVG Security Toolbar) — C:PROGRAMDATAAVG SECURE SEARCH11.1.0.7
    [2011/10/03 06:06:04 | 000,476,904 | —- | M] (Sun Microsystems, Inc.) — C:Program Filesmozilla firefoxpluginsnpdeployJava1.dll
    [2011/10/26 20:49:56 | 000,012,800 | —- | M] (Nullsoft, Inc.) — C:Program Filesmozilla firefoxpluginsnpwachk.dll
    [2012/07/12 19:32:37 | 000,003,767 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsavg-secure-search.xml
    [2012/02/19 14:05:27 | 000,010,799 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsceneji.xml
    [2012/02/19 14:05:27 | 000,003,584 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsodpiralni.xml
    [2012/02/19 14:05:27 | 000,006,155 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginstwitter.xml
    [2012/02/19 14:05:27 | 000,001,328 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginswikipedia-sl.xml
     
    O1 HOSTS File: ([2010/03/29 13:54:11 | 000,001,276 | —- | M]) – C:WindowsSystem32driversetchosts
    O1 – Hosts: 127.0.0.1  practivate.adobe.com
    O1 – Hosts: 127.0.0.1  ereg.adobe.com
    O1 – Hosts: 127.0.0.1  activate.wip3.adobe.com
    O1 – Hosts: 127.0.0.1  wip3.adobe.com
    O1 – Hosts: 127.0.0.1  3dns-3.adobe.com
    O1 – Hosts: 127.0.0.1  3dns-2.adobe.com
    O1 – Hosts: 127.0.0.1  adobe-dns.adobe.com
    O1 – Hosts: 127.0.0.1  adobe-dns-2.adobe.com
    O1 – Hosts: 127.0.0.1  adobe-dns-3.adobe.com
    O1 – Hosts: 127.0.0.1  ereg.wip3.adobe.com
    O1 – Hosts: 127.0.0.1  activate-sea.adobe.com
    O1 – Hosts: 127.0.0.1  wwis-dubc1-vip60.adobe.com
    O1 – Hosts: 127.0.0.1  activate-sjc0.adobe.com
    O1 – Hosts: 127.0.0.1  activate.adobe.com
    O2 – BHO: (AVG Safe Search) – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:Program FilesAVGAVG10avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 – BHO: (AVG Security Toolbar) – {95B7759C-8C7F-4BF1-B163-73684A933233} – C:Program FilesAVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll ()
    O2 – BHO: (Adobe PDF Conversion Toolbar Helper) – {AE7CD045-E861-484f-8273-0445EE161910} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 – BHO: (Skype Browser Helper) – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O2 – BHO: (SmartSelect Class) – {F4971EE7-DAA0-4053-9964-665D8EE6A077} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 – HKLM..Toolbar: (Adobe PDF) – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 – HKLM..Toolbar: (AVG Security Toolbar) – {95B7759C-8C7F-4BF1-B163-73684A933233} – C:Program FilesAVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll ()
    O3 – HKLM..Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – No CLSID value found.
    O3 – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
    O3 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..ToolbarWebBrowser: (no name) – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – No CLSID value found.
    O3 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..ToolbarWebBrowser: (Adobe PDF) – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 – HKLM..Run: []  File not found
    O4 – HKLM..Run: [AutoEJCD_0ACE20FF] C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    O4 – HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG10avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 – HKLM..Run: [IMSS] C:Program FilesIntelIntel(R) Management Engine ComponentsIMSSPIconStartup.exe ()
    O4 – HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.)
    O4 – HKLM..Run: [Launch Backup Service Once] C:Program FilesLenovoRescue and Recoveryrrstrigger.exe ()
    O4 – HKLM..Run: [Message Center Plus] C:Program FilesLENOVOMessage Center PlusMCPLaunch.exe ()
    O4 – HKLM..Run: [Mouse Suite 98 Daemon] C:Program FilesLenovoMouse SuiteICO.EXE (Primax Electronics Ltd.)
    O4 – HKLM..Run: [Power Manager Power Agenda] C:PROGRA~1ThinkPadUTILIT~1DPMHost.exe ()
    O4 – HKLM..Run: [PWMTRV] rundll32 C:PROGRA~1ThinkPadUTILIT~1PWMTR32V.DLL,PwrMgrBkGndMonitor File not found
    O4 – HKLM..Run: [ROC_roc_dec12] C:Program FilesAVG Secure SearchROC_roc_dec12.exe ()
    O4 – HKLM..Run: [vProt] C:Program FilesAVG Secure Searchvprot.exe ()
    O4 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..Run: [Akamai NetSession Interface] C:UsersMatejaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc.)
    O4 – HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (Microsoft Corporation)
    O4 – HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (Microsoft Corporation)
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
    O7 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O8 – Extra context menu item: Append Link Target to Existing PDF – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 – Extra context menu item: Append to Existing PDF – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 – Extra context menu item: Convert Link Target to Adobe PDF – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 – Extra context menu item: Convert to Adobe PDF – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000 File not found
    O9 – Extra Button: Pošlji v OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – Reg Error: Value error. File not found
    O9 – Extra 'Tools' menuitem : P&ošlji v OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – Reg Error: Value error. File not found
    O9 – Extra Button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O9 – Extra 'Tools' menuitem : Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O9 – Extra Button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:PROGRA~1MICROS~1Office12REFIEBAR.DLL (Microsoft Corporation)
    O10 – NameSpace_Catalog5Catalog_Entries00000000008 [] – C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
    O13 – gopher Prefix: missing
    O16 – DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 – DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{14A0D4F0-850B-487A-B7B4-8E93FD231341}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{855473E8-93B9-43B6-9FAC-A0960DFCD68C}: DhcpNameServer = 195.34.133.21 195.34.133.22
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 – ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:Program FilesAVGAVG10avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 – ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL (Skype Technologies)
    O18 – ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O18 – ProtocolHandlerviprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} – C:Program FilesCommon FilesAVG Secure SearchViProtocolInstaller11.2.0ViProtocol.dll ()
    O18 – ProtocolFiltertext/xml {807563E5-5146-11D5-A672-00B0D022E945} – C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL (Microsoft Corporation)
    O20 – AppInit_DLLs: (acaptuser32.dll) – C:WindowsSystem32acaptuser32.dll (Adobe Systems, Inc.)
    O20 – HKLM Winlogon: Shell – (explorer.exe) – C:Windowsexplorer.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (C:Windowssystem32userinit.exe) – C:WindowsSystem32userinit.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: VMApplet – (SystemPropertiesPerformance.exe) – C:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: VMApplet – (/pagefile) –  File not found
    O20 – WinlogonNotifyLBTWlgn: DllName – (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) – c:program filescommon fileslogishrdbluetoothLBTWlgn.dll (Logitech, Inc.)
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
    O32 – HKLM CDRom: AutoRun – 1
    O32 – AutoRun File – [2009/06/10 23:42:20 | 000,000,024 | —- | M] () – C:autoexec.bat — [ NTFS ]
    O32 – AutoRun File – [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () – Q:AUTORUN.INF — [ NTFS ]
    O33 – MountPoints2{00d3d9ab-3b48-11df-9fae-002186fa0f16}Shell – "" = AutoRun
    O33 – MountPoints2{00d3d9ab-3b48-11df-9fae-002186fa0f16}ShellAutoRuncommand – "" = G:autorun.exe
    O33 – MountPoints2{1d1d34ca-22f7-11df-80dc-806e6f6e6963}Shell – "" = AutoRun
    O33 – MountPoints2{1d1d34ca-22f7-11df-80dc-806e6f6e6963}ShellAutoRuncommand – "" = Q:LenovoQDrive.exe — [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
    O33 – MountPoints2{535f5dd4-ba9f-11e0-ab68-002186fa0f16}Shell – "" = AutoRun
    O33 – MountPoints2{535f5dd4-ba9f-11e0-ab68-002186fa0f16}ShellAutoRuncommand – "" = D:Setup.exe
    O34 – HKLM BootExecute: (autocheck autochk *)
    O34 – HKLM BootExecute: (C:PROGRA~1AVGAVG10avgchsvx.exe /sync)
    O34 – HKLM BootExecute: (C:PROGRA~1AVGAVG10avgrsx.exe /sync /restart)
    O35 – HKLM..comfile [open] — "%1" %*
    O35 – HKLM..exefile [open] — "%1" %*
    O37 – HKLM…com [@ = comfile] — "%1" %*
    O37 – HKLM…exe [@ = exefile] — "%1" %*
    O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 – SubSystems\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders – Created Within 30 Days ==========
     
    [2012/08/29 16:28:11 | 000,598,528 | —- | C] (OldTimer Tools) — C:UsersMatejaDesktopOTL.exe
    [2012/08/29 13:44:23 | 000,000,000 | —D | C] — C:_SMA
     
    ========== Files – Modified Within 30 Days ==========
     
    [2012/08/31 09:26:59 | 000,067,584 | –S- | M] () — C:Windowsbootstat.dat
    [2012/08/31 09:26:54 | 2364,297,216 | -HS- | M] () — C:hiberfil.sys
    [2012/08/31 08:30:01 | 000,001,070 | —- | M] () — C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004UA.job
    [2012/08/30 22:00:00 | 000,000,340 | —- | M] () — C:WindowstasksSystemToolsDailyTest.job
    [2012/08/30 17:06:56 | 105,340,250 | —- | M] () — C:WindowsSystem32driversAVGincavi.avm
    [2012/08/30 17:06:16 | 000,513,995 | —- | M] () — C:WindowsSystem32driversAVGiavichjg.avm
    [2012/08/30 16:30:00 | 000,001,018 | —- | M] () — C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004Core.job
    [2012/08/29 20:59:00 | 000,016,976 | -H– | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/29 20:59:00 | 000,016,976 | -H– | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/29 20:56:38 | 000,607,530 | —- | M] () — C:WindowsSystem32perfh009.dat
    [2012/08/29 20:56:38 | 000,103,908 | —- | M] () — C:WindowsSystem32perfc009.dat
    [2012/08/27 21:58:32 | 000,598,528 | —- | M] (OldTimer Tools) — C:UsersMatejaDesktopOTL.exe
    [2012/08/18 18:09:28 | 000,002,020 | —- | M] () — C:UsersMatejaDesktopMouse and Keyboard Settings.lnk
    [2012/08/17 22:35:50 | 003,989,507 | —- | M] () — C:UsersMatejaDesktopStAnton.pdf
     
    ========== Files Created – No Company Name ==========
     
    [2012/08/18 18:09:28 | 000,002,020 | —- | C] () — C:UsersMatejaDesktopMouse and Keyboard Settings.lnk
    [2012/08/17 22:35:50 | 003,989,507 | —- | C] () — C:UsersMatejaDesktopStAnton.pdf
    [2012/05/27 14:16:00 | 000,001,087 | —- | C] () — C:UsersMatejaSlike – Bližnjica.lnk
    [2012/04/17 23:37:33 | 000,684,513 | —- | C] () — C:UsersMatejaPhoto0068.jpg
    [2012/04/17 23:37:33 | 000,660,236 | —- | C] () — C:UsersMatejaPhoto0069.jpg
    [2011/02/15 12:29:40 | 000,004,387 | —- | C] () — C:UsersMatejaVarnostna_kop_cert.p12
    [2010/11/08 15:17:20 | 000,005,632 | —- | C] () — C:UsersMatejaAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/28 11:57:58 | 000,004,096 | -H– | C] () — C:UsersMatejaAppDataLocalkeyfile3.drm
    [2010/04/18 13:03:32 | 000,022,328 | —- | C] () — C:UsersMatejaAppDataRoamingPnkBstrK.sys
     
    ========== LOP Check ==========
     
    [2010/11/29 13:57:27 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingAVG10
    [2010/05/27 22:25:36 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingBlackBean
    [2010/03/29 17:39:30 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingDAEMON Tools Lite
    [2010/03/23 21:39:54 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingDesktopPwrMgr
    [2011/06/22 22:20:33 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingGARMIN
    [2010/04/14 14:38:27 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingGo-Go Gourmet Chef of the Year
    [2011/03/28 19:49:02 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingLeadertech
    [2010/11/08 15:11:06 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingNokia
    [2010/11/08 15:11:07 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingNokia Ovi Suite
    [2010/11/08 13:54:25 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingPC Suite
    [2010/07/31 19:14:47 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingPlayFirst
    [2012/03/09 19:32:50 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingTagScanner
    [2012/04/10 22:42:19 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoamingTeamViewer
    [2012/08/31 09:24:40 | 000,000,000 | —D | M] — C:UsersMatejaAppDataRoaminguTorrent
    [2010/12/04 16:09:06 | 000,000,370 | —- | M] () — C:WindowsTasksAd-Aware Update (Weekly).job
    [2011/12/14 10:00:00 | 000,000,528 | —- | M] () — C:WindowsTasksPCDoctorBackgroundMonitorTask.job
    [2012/06/24 08:15:36 | 000,032,646 | —- | M] () — C:WindowsTasksSCHEDLGU.TXT
    [2012/08/30 22:00:00 | 000,000,340 | —- | M] () — C:WindowsTasksSystemToolsDailyTest.job
     
    ========== Purity Check ==========
     
     
    
    
    

    Extras.Txt

    OTL Extras logfile created on: 8/31/2012 9:28:27 AM – Run 2
    OTL by OldTimer – Version 3.2.59.1     Folder = C:UsersMatejaDesktop
     Professional  (Version = 6.1.7600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy
     
    2.94 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 74.84% Memory free
    5.87 Gb Paging File | 5.15 Gb Available in Paging File | 87.76% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 454.82 Gb Total Space | 168.63 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS
     
    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — C:WindowsSystem32control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] — C:Windowswinhlp32.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — "%1" %*
    cmdfile [open] — "%1" %*
    comfile [open] — "%1" %*
    cplfile [cplopen] — %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)
    exefile [open] — "%1" %*
    helpfile [open] — Reg Error: Key error.
    hlpfile [open] — %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] — %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] — "%1" %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — "%1"
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] — "%1" /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] — "C:Program FilesVideoLANVLCvlc.exe" –started-from-file –playlist-enqueue "%1" ()
    Directory [BILLA Fotoshop] — "C:Program FilesBILLABILLA FotoshopBILLA Fotoshop.exe" "%1" ()
    Directory [CEWE FOTOSCHAU] — "C:Program FilesBILLABILLA FotoshopCEWE FOTOSCHAU.exe" -d "%1" ()
    Directory [cmd] — cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] — "C:Program FilesVideoLANVLCvlc.exe" –started-from-file –no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] — "C:Program FilesWinampwinamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] — "C:Program FilesWinampwinamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] — "C:Program FilesWinampwinamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Folder [explore] — Reg Error: Value error.
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    "cval" = 0
     
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
     
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
    "VistaSp1" = Reg Error: Unknown registry data type — File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    "{08707EFF-F7F7-41FD-8A7C-2A33F379F173}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
    "{333EAEED-38CC-473F-A57C-5B5A63B00248}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe | 
    "{468130D8-6C36-4842-ACDD-B2064F61DC93}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{5A37B177-C577-4920-86AD-B075B1AA4DE9}" = lport=6004 | protocol=17 | dir=in | app=c:program filesmicrosoft officeoffice12outlook.exe | 
    "{729B445F-3EB6-4CA5-AC8A-EDAF2AE5E2EE}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{952806DA-FCF8-44E5-A5C8-7518336657F0}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{BEF6D7B7-AC76-4E7E-B464-DFC02E998D2A}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{C364EBB0-7EC6-4F64-B834-7F05E4264250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C4EBB297-479B-4D8E-947A-7EB25B48132D}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{DDC074D6-27AD-452F-9EC5-1F64C61841D2}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{E0613A1A-CFAC-4A88-81F9-016C3B1CC1E6}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{E4953274-9106-488C-93A1-FF7F5DB70909}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe | 
    "{F609C9EB-CB6F-4F6A-AA11-CAD9FF014D47}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{FA17BC34-E1A2-444C-A651-2A12385360E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    "{01C15D8F-7291-473D-AEDF-9CAE42484533}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{02D4E20D-345F-4EA4-B4D8-6164DDB5569D}" = protocol=17 | dir=in | app=c:program filesavgavg10avgnsx.exe | 
    "{09B78E16-4437-4439-97C7-FCBF262DFD3C}" = protocol=17 | dir=in | app=c:program filesavgavg10avgemcx.exe | 
    "{0DA1F044-7397-4147-8B7C-D8325E5B7314}" = dir=in | app=c:program filesskypephoneskype.exe | 
    "{116C8602-268A-4F5B-98BC-C2540A1C9DD9}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe | 
    "{1A4E2860-8948-4F3F-B4B1-0399ACA51F25}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe | 
    "{3789B5C3-54F3-4C74-A35F-49B3BC968AD1}" = dir=in | app=c:program filesnokianokia ovi suitenokiaovisuite.exe | 
    "{39C70184-59E7-454A-B5DE-6054234B7D42}" = protocol=17 | dir=in | app=c:program fileselectronic artsbattlefield bad company 2bfbc2updater.exe | 
    "{3DA2E7F1-B74D-4981-8B20-6EC6D4B6502D}" = protocol=6 | dir=in | app=c:program filesavgavg10avgnsx.exe | 
    "{43E8376A-5738-4A36-8998-1E91D2AD8795}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{460C10B2-D3AC-4287-A9ED-670B95B5BF1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{474D98FA-344E-4EE5-9605-893F0AF29287}" = protocol=6 | dir=in | app=c:program filesavgavg10avgmfapx.exe | 
    "{4F3C5C4A-755A-43C4-B9CD-B4ED7D9519B9}" = protocol=6 | dir=in | app=c:program filesavgavg10avgemcx.exe | 
    "{5C4216F5-14F9-4DF8-88DE-C5FBE0F9097F}" = protocol=17 | dir=in | app=c:windowssystem32pnkbstra.exe | 
    "{5DBC9756-960D-4322-B09C-EE0F928B7939}" = protocol=6 | dir=in | app=c:program filescommon filesadobecs4servicemanagercs4servicemanager.exe | 
    "{6C3B04F5-E882-46A7-8CCF-6E762263BC99}" = protocol=6 | dir=in | app=c:program fileselectronic artsbattlefield bad company 2bfbc2updater.exe | 
    "{6DE9BA40-20E9-4DDA-84E4-C4ABF3C4E797}" = protocol=6 | dir=in | app=c:windowssystem32pnkbstrb.exe | 
    "{7DB2EC20-722B-4749-8924-0BBAD40AFBEE}" = protocol=6 | dir=in | app=c:program fileslenovosystem updateuncserver.exe | 
    "{83294C1F-F4BA-41B9-8C5C-FEABB7C54CF0}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe | 
    "{85B776EB-E0E5-463C-A0AE-5109506F4E98}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe | 
    "{8E64FB90-6578-44F4-AE8A-9FB639118C41}" = protocol=6 | dir=in | app=c:program filesavgavg10avgnsx.exe | 
    "{99CD7EDC-1DB8-4EE1-A038-81CD0998ABE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{A1B9E271-F9E9-45DF-B0EC-429EF6DD58DB}" = protocol=17 | dir=in | app=c:usersmatejaappdatalocalakamainetsession_win.exe | 
    "{A202F250-6270-4DDD-B25D-B84C5503BECB}" = protocol=6 | dir=in | app=c:program filesavgavg10avgemcx.exe | 
    "{A7FBB667-5619-469C-8BA2-B64C7C2AD6EA}" = protocol=6 | dir=in | app=c:program filesavgavg10avgmfapx.exe | 
    "{B2449CAD-522A-4A0F-ACAA-323E1752A32B}" = protocol=6 | dir=in | app=c:program filesteamviewerversion6teamviewer.exe | 
    "{B2B57C50-0A69-4F99-A21D-1924841651FA}" = protocol=6 | dir=in | app=c:usersmatejaappdatalocalakamainetsession_win.exe | 
    "{B2E2EB96-B023-4457-864B-913EC8292A5E}" = protocol=17 | dir=in | app=c:program filesavgavg10avgemcx.exe | 
    "{B60E7015-6035-41CB-9665-43B78E051361}" = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe | 
    "{B94FC9E9-DD07-4824-86CF-9D2907A7B81D}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe | 
    "{BC67B913-85B1-44E4-A533-ED7E1FD66422}" = protocol=6 | dir=in | app=c:program filesavgavg10avgdiagex.exe | 
    "{BEC04389-443D-4A26-AFB8-3D597A398547}" = dir=in | app=c:program filesitunesitunes.exe | 
    "{D2ADEE22-0271-47E0-982D-B5C4BC27043A}" = protocol=17 | dir=in | app=c:windowssystem32pnkbstrb.exe | 
    "{E19E3549-9946-4648-B09B-751154003477}" = protocol=17 | dir=in | app=c:program filesavgavg10avgdiagex.exe | 
    "{E31585D8-8300-415A-9B91-7958812DDEE0}" = protocol=17 | dir=in | app=c:program filesavgavg10avgnsx.exe | 
    "{E473A1EA-837E-47BE-A6FA-F3B319E04957}" = protocol=17 | dir=in | app=c:program filesteamviewerversion6teamviewer.exe | 
    "{EBF4781E-CCE6-4375-A56F-FA0591398C39}" = protocol=17 | dir=in | app=c:program filesteamviewerversion6teamviewer_service.exe | 
    "{EE7531C5-0C6C-41FB-9B70-A4B18E9BEE6F}" = protocol=6 | dir=in | app=c:program filesteamviewerversion6teamviewer_service.exe | 
    "{F26FBF49-6DF7-452F-92A0-429897669D58}" = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe | 
    "{F522D64D-0BBF-492D-A0C9-F32271967452}" = protocol=17 | dir=in | app=c:program filesavgavg10avgmfapx.exe | 
    "{F81765D4-79D1-4969-8B95-E011D5447931}" = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe | 
    "{F87EA6FC-06F4-4C4B-A507-FCFF3C4EDA82}" = protocol=17 | dir=in | app=c:program fileslenovosystem updateuncserver.exe | 
    "{F8995668-FC4A-4DFD-8D82-E2CF77CD5FE3}" = protocol=17 | dir=in | app=c:program filesavgavg10avgmfapx.exe | 
    "{F89EC113-B7F6-41B5-AA80-03F009FD6772}" = dir=in | app=c:program filesnokianokia ovi suitenokiaovisuite.exe | 
    "{F9AA3E56-CE23-480B-B227-81BE32FD52F8}" = protocol=6 | dir=in | app=c:windowssystem32pnkbstra.exe | 
    "{FAFAEADD-0BE0-41A9-9AA9-B019219BA635}" = protocol=17 | dir=in | app=c:program filescommon filesadobecs4servicemanagercs4servicemanager.exe | 
    "{FB6D86DB-8F39-4EC7-A803-B4AE443DA77B}" = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe | 
    "TCP Query User{0B639AAC-FE1F-4986-8278-4851FA172F8A}C:program filesutorrentutorrent.exe" = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe | 
    "TCP Query User{32DD3A1F-4271-4AD7-B554-A2762B2D757E}C:program filesvideolanvlcvlc.exe" = protocol=6 | dir=in | app=c:program filesvideolanvlcvlc.exe | 
    "TCP Query User{491F48F6-F213-40C5-9DD1-D8A1EF9625BF}C:program filesutorrentutorrent.exe" = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe | 
    "TCP Query User{6C79178B-EA0F-49E4-B087-95A542473162}C:usersmatejaappdatalocalgooglechromeapplicationchrome.exe" = protocol=6 | dir=in | app=c:usersmatejaappdatalocalgooglechromeapplicationchrome.exe | 
    "TCP Query User{790CCC12-83C4-426A-B7BF-C77C8DACE412}C:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe" = protocol=6 | dir=in | app=c:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe | 
    "TCP Query User{8F6BDDF7-4C5E-4331-9E02-F5E4E6748CE8}C:program fileswinampwinamp.exe" = protocol=6 | dir=in | app=c:program fileswinampwinamp.exe | 
    "TCP Query User{9B5FA1D7-5532-4D80-B809-D3D8A790538B}C:program filesinternet exploreriexplore.exe" = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe | 
    "TCP Query User{AEB29DD1-8738-4328-8A02-819537CF45F1}C:program filesinternet exploreriexplore.exe" = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe | 
    "TCP Query User{C4A004AF-2D55-4F70-92A1-F3480067C9B0}C:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe" = protocol=6 | dir=in | app=c:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe | 
    "UDP Query User{04A71F5E-3B46-415E-B26D-2F6C1C29DB89}C:program filesvideolanvlcvlc.exe" = protocol=17 | dir=in | app=c:program filesvideolanvlcvlc.exe | 
    "UDP Query User{1F7B3CCD-AA99-4545-A6E4-FEE579307379}C:program filesinternet exploreriexplore.exe" = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe | 
    "UDP Query User{3A2074F5-048A-4BDB-A771-9508CF14BEE2}C:program filesutorrentutorrent.exe" = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe | 
    "UDP Query User{691FDBDB-128A-4DF9-8D83-FB33427CDBAE}C:usersmatejaappdatalocalgooglechromeapplicationchrome.exe" = protocol=17 | dir=in | app=c:usersmatejaappdatalocalgooglechromeapplicationchrome.exe | 
    "UDP Query User{A47ECA15-934D-45DD-9237-08C1B3FD975C}C:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe" = protocol=17 | dir=in | app=c:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe | 
    "UDP Query User{B497EBB0-64AD-450B-B541-A9160047C807}C:program fileswinampwinamp.exe" = protocol=17 | dir=in | app=c:program fileswinampwinamp.exe | 
    "UDP Query User{C3B60592-6A88-4B79-AF35-022CBE0AB7D5}C:program filesutorrentutorrent.exe" = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe | 
    "UDP Query User{F0AD559E-664B-4F52-BD6A-C09FFAF23971}C:program filesinternet exploreriexplore.exe" = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe | 
    "UDP Query User{F1DF7A87-5245-4BB3-9F38-D00A98D4E815}C:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe" = protocol=17 | dir=in | app=c:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1C9FE8CC-2578-41E6-AB28-3B927B055224}" = Windows Live – Pomocnik za vpis
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color – Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0424-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovenian) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0424-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovenian) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0424-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovenian) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0424-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovenian) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0424-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovenian) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0424-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovenian) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
    "{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-0424-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovenian) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0424-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovenian) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0424-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovenian) 2007
    "{90120000-00A1-0424-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovenian) 2007
    "{90120000-00BA-0424-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovenian) 2007
    "{90120000-0100-0424-0000-0000000FF1CE}" = Microsoft Office O MUI (Slovenian) 2007
    "{90120000-0101-0424-0000-0000000FF1CE}" = Microsoft Office X MUI (Slovenian) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91C0B95B-B83A-4828-A775-BBE2DD421060}" = Nero 7 Ultra Edition
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended – English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 – CPSID_50026
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended – English, Français, Deutsch
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Power Manager
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime – (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime – v9.0.30729.01
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "0134DA19E49BF25E588E062BF3AF5B52A1FB0570" = Windows Driver Package – Intel System  (06/04/2009 9.1.1.1013)
    "0F85FF5427F83EBFD8D26A476513F129AA6A9BDE" = Windows Driver Package – Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    "1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package – Intel hdc  (06/04/2009 7.0.0.1013)
    "30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package – Intel (HECI) System  (09/17/2009 6.0.0.1179)
    "4165529BF5F060D6DCE68D5EFB7C01F8C133A42B" = Windows Driver Package – Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package – Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package – Nokia pccsmcfd  (08/22/2008 7.0.0.0)
    "563601B59417ECE6367FFC9E33EF23D1E64AA350" = Windows Driver Package – Intel System  (06/04/2009 9.1.1.1013)
    "746B3FA92A51BF163E30D6121404CCC057D4C12B" = Windows Driver Package – NVIDIA (nvlddmkm) Display  (09/22/2009 8.16.11.9070)
    "971CFAB99B2A1B969F4D55F9A2AAC330B2A2551C" = Windows Driver Package – Intel (e1kexpress) Net  (09/23/2009 11.2.19.0)
    "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package – Intel USB  (08/20/2009 9.1.1.1020)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Akamai" = Akamai NetSession Interface Service
    "AVG" = AVG 2011
    "BILLA Fotoshop" = BILLA Fotoshop
    "Chuzzle Deluxe" = Chuzzle Deluxe (remove only)
    "Cooking Academy 2" = Cooking Academy 2 (remove only)
    "Cooking Dash – DinerTown Studios" = Cooking Dash – DinerTown Studios (remove only)
    "D4577BB192DCD9AD7FB9C09EFCCBE8CC15ED70BF" = Windows Driver Package – NVIDIA Corporation (NVHDA) MEDIA  (08/11/2009 1.00.00.58)
    "Diner Dash Hometown Hero Gourmet" = Diner Dash Hometown Hero Gourmet (remove only)
    "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package – Intel System  (06/04/2009 1.0.0.0002)
    "F46B861A702511B4B61AA6F81D8899BEDFE22EDD" = Windows Driver Package – Intel (Serial) Ports  (09/17/2009 6.0.0.1179)
    "Go Go Gourmet – Chef of the Year" = Go Go Gourmet – Chef of the Year (remove only)
    "GTR Evolution_1.1.1.2_is1" = GTR Evolution
    "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
    "Lenovo Welcome_is1" = Lenovo Welcome
    "LUXOR Adventures Bundle" = LUXOR Adventures Bundle (remove only)
    "MouseSuite98" = Mouse Suite
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "OMUI.sl-si" = Microsoft Office Language Pack 2007 – Slovenian/slovenš?ina
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PROSet" = Intel(R) Network Connections Drivers
    "SystemRequirementsLab" = System Requirements Lab
    "TagScanner_is1" = TagScanner 5.1.611
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.2
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR arhiver
    "Zuma's Revenge – Adventure" = Zuma's Revenge – Adventure (remove only)
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERSS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Winamp Detect" = Winamp Detector Plug-in
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error – 1/14/2012 6:43:51 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/14/2012 6:43:51 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/14/2012 9:34:21 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/14/2012 9:34:21 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/15/2012 8:04:06 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/15/2012 8:04:06 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/15/2012 8:47:39 AM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:Program FilesSkypeToolbarsInternet
     ExplorerSkypeIEPluginBroker.exe".Error in manifest or policy file "C:Program 
    FilesSkypeToolbarsInternet ExplorerSkypeIEPluginBroker.exe" on line 2.  Multiple
     requestedPrivileges elements are not allowed in manifest.
     
    Error – 1/15/2012 8:48:11 AM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:Program FilesLenovoSystem
     UpdateInstaller64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
     could not be found.  Please use sxstrace.exe for detailed diagnosis.
     
    Error – 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error – 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    [ Lenovo-Message Center Plus/Admin Events ]
    Error – 11/9/2011 9:43:16 AM | Computer Name = Crni | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Object reference not set to an instance of an object. -> Exception
     message: Object reference not set to an instance of an object.
     
    [ OSession Events ]
    Error – 5/10/2010 9:41:05 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23488
     seconds with 1560 seconds of active time.  This session ended with a crash.
     
    Error – 6/15/2010 3:04:59 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error – 7/12/2010 9:09:04 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7034
     seconds with 3240 seconds of active time.  This session ended with a crash.
     
    Error – 11/15/2010 8:29:56 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3604
     seconds with 1080 seconds of active time.  This session ended with a crash.
     
    Error – 11/29/2010 7:41:00 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 317
     seconds with 240 seconds of active time.  This session ended with a crash.
     
    Error – 12/6/2010 12:58:16 PM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7499
     seconds with 1500 seconds of active time.  This session ended with a crash.
     
    Error – 4/12/2011 2:16:03 PM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1167
     seconds with 300 seconds of active time.  This session ended with a crash.
     
    Error – 6/28/2011 5:00:52 PM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = DCOM | ID = 10005
    Description = 
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = DCOM | ID = 10005
    Description = 
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error – 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
     
    
    

    Now I see some of the Error messages are Slovenian. Here, a quick translation.
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location Awareness«, ki se ni uspela zagnati zaradi te napake: %%1068
    Description = Service »Network List Service« depends on service »Network Location Awareness«, which didn't start because of error: %%1068.

    Please, let me know how to proceed. The fact that the "Bundespolizei" screen doesn't pop up any more doesn't make me feel secure about the computer being clean.
    Thanks in advance,
    G

    #99506

    Welcome to Hilfe-Forum der Anti-Botnet-Experten GoGe,

    I will be glad to help you with any problems there, but first there is one other problem to be addressed. The logs show some entries that tell me this system has been used to install an illegal copy of Adobe CS. Our forum’s rules say that no help can be given unless all illegal software use is removed from the system. Please uninstall any Adobe CS programs, and any other programs that may not have been installed legitimately, then reboot, and we can move forward here.

    Then please do the following, which includes running OTL again.

    To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck “Hide Extensions for Known File Types”.

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software’s Taskbar icons, or accessing each software through Start – Programs. Here are some antivirus disable tips if needed.

    ——-

    Click here and download OldTimer’s OTL to your desktop, then click that to open the scan display. At the top click “Scan All Users”, then click “Run Scan”. Make no other changes at this time.

    When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

    ———–

    Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

    Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose “New” > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

    ———–

    Download aswMBR ( 511KB ) to your desktop.

      - Double-click the aswMBR.exe icon to run it.
      - If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
      - If avast! antivirus is already installed, just do the next step.
      - Click the Scan button to start the scan.
      - On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

    A lot, but comprehensive, and will make sure we get a good view of everything. Please just post logs without using the Code function.

    #99514

    Hi

    Thank you for your reply. It took a while, but finally I managed to do the things you asked. So, I ran the OTL again. I had some problems with disabling the anti-virus software, because it kept turning itself back on, but I think it worked then. I ran the scan once and it opened only the OTL.txt file. I checked the “Extra Registry” part and ran it again and then I got two sets of results. So:
    OTL.txt
    OTL logfile created on: 9/11/2012 6:44:15 PM – Run 4
    OTL by OldTimer – Version 3.2.59.1 Folder = C:UsersMatejaDesktop
    Professional (Version = 6.1.7600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2.94 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 58.08% Memory free
    5.87 Gb Paging File | 4.69 Gb Available in Paging File | 79.81% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 454.82 Gb Total Space | 181.98 Gb Free Space | 40.01% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS

    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC – C:UsersMatejaDesktopOTL.exe (OldTimer Tools)
    PRC – C:UsersMatejaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc.)
    PRC – C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe ()
    PRC – C:Program FilesAVG Secure Searchvprot.exe ()
    PRC – C:Program FilesTeamViewerVersion6TeamViewer_Service.exe (TeamViewer GmbH)
    PRC – C:Program FilesAVGAVG10avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC – C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    PRC – C:Program FilesLenovoSystem UpdateSUService.exe (Lenovo Group Limited)
    PRC – C:WindowsSystem32conhost.exe (Microsoft Corporation)
    PRC – C:Program FilesAVGAVG10avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC – C:Program FilesAVGAVG10Identity Protectionagentbinavgidsmonitor.exe ()
    PRC – C:Program FilesAVGAVG10avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC – C:Program FilesAVGAVG10avgscanx.exe (AVG Technologies CZ, s.r.o.)
    PRC – C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (Intel Corporation)
    PRC – C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (Intel Corporation)
    PRC – C:Program FilesLenovoMouse Suiteico.exe (Primax Electronics Ltd.)
    PRC – C:Windowsexplorer.exe (Microsoft Corporation)
    PRC – C:Program FilesThinkPadUtilitiesSCHTASK.EXE (Lenovo Group Limited)
    PRC – C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE (Lenovo)
    PRC – C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe (Logitech Inc.)
    PRC – C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe (Lenovo Group Limited)
    PRC – C:WindowsSystem32taskhost.exe (Microsoft Corporation)
    PRC – C:Program FilesLenovoMessage Center PlusMCPLaunch.exe ()
    PRC – C:Program FilesLenovoMouse SuiteFSRremoS.EXE ()

    ========== Modules (No Company Name) ==========

    MOD – C:Program FilesCommon FilesAVG Secure SearchSiteSafetyInstaller11.2.0SiteSafety.dll ()
    MOD – C:Program FilesAVG Secure Searchvprot.exe ()
    MOD – C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    MOD – C:Program FilesAVGAVG10Identity Protectionagentbinavgidsmonitor.exe ()
    MOD – C:PROGRA~1ThinkPadUTILIT~1USPWMRT32V.DLL ()
    MOD – C:Program FilesCommon FilesLenovoCDRecord.dll ()
    MOD – C:Program FilesLenovoMessage Center PlusMCPLaunch.exe ()
    MOD – C:Program FilesLenovoMouse SuiteFSRremoS.EXE ()

    ========== Services (SafeList) ==========

    SRV – (NMIndexingService) — C:Program FilesCommon FilesAheadLibNMIndexingService.exe File not found
    SRV – (Akamai) — c:program filescommon filesakamai/netsession_win_5891ae0.dll ()
    SRV – (SkypeUpdate) — C:Program FilesSkypeUpdaterUpdater.exe (Skype Technologies)
    SRV – (vToolbarUpdater11.2.0) — C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater11.2.0ToolbarUpdater.exe ()
    SRV – (TeamViewer6) — C:Program FilesTeamViewerVersion6TeamViewer_Service.exe (TeamViewer GmbH)
    SRV – (AVGIDSAgent) — C:Program FilesAVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV – (AVG Security Toolbar Service) — C:Program FilesAVGAVG10ToolbarToolbarBroker.exe ()
    SRV – (SUService) — C:Program FilesLenovoSystem UpdateSUService.exe (Lenovo Group Limited)
    SRV – (avgwd) — C:Program FilesAVGAVG10avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV – (WatAdminSvc) — C:WindowsSystem32WatWatAdminSvc.exe (Microsoft Corporation)
    SRV – (ServiceLayer) — C:Program FilesPC Connectivity SolutionServiceLayer.exe (Nokia)
    SRV – (UNS) — C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (Intel Corporation)
    SRV – (LMS) — C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (Intel Corporation)
    SRV – (Power Manager DBC Service) — C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE (Lenovo)
    SRV – (LVPrcSrv) — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe (Logitech Inc.)
    SRV – (ThinkVantage Registry Monitor Service) — C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe (Lenovo Group Limited)
    SRV – (LBTServ) — C:Program FilesCommon FileslogishrdBluetoothLBTServ.exe (Logitech, Inc.)
    SRV – (StorSvc) — C:WindowsSystem32StorSvc.dll (Microsoft Corporation)
    SRV – (SensrSvc) — C:WindowsSystem32sensrsvc.dll (Microsoft Corporation)
    SRV – (PeerDistSvc) — C:WindowsSystem32PeerDistSvc.dll (Microsoft Corporation)
    SRV – (WinDefend) — C:Program FilesWindows Defendermpsvc.dll (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV – (pgddqpod) — C:UsersMatejaAppDataLocalTemppgddqpod.sys File not found
    DRV – (Lavasoft Kernexplorer) — C:Program FilesLavasoftAd-AwareKernExplorer.sys File not found
    DRV – (a9dm9a8n) — File not found
    DRV – (AVGIDSDriver) — C:WindowsSystem32driversAVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV – (Avgtdix) — C:WindowsSystem32driversavgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV – (Avgrkx86) — C:WindowsSystem32driversavgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV – (Avgmfx86) — C:WindowsSystem32driversavgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV – (AVGIDSEH) — C:WindowsSystem32driversAVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV – (AVGIDSShim) — C:WindowsSystem32driversAVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV – (AVGIDSFilter) — C:WindowsSystem32driversAVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV – (Avgldx86) — C:WindowsSystem32driversavgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV – (UsbserFilt) — C:WindowsSystem32driversusbser_lowerfltj.sys (Nokia)
    DRV – (upperdev) — C:WindowsSystem32driversusbser_lowerflt.sys (Nokia)
    DRV – (nmwcdc) — C:WindowsSystem32driversccdcmbo.sys (Nokia)
    DRV – (nmwcd) — C:WindowsSystem32driversccdcmb.sys (Nokia)
    DRV – (nmwcdnsu) — C:WindowsSystem32driversnmwcdnsu.sys (Nokia)
    DRV – (nmwcdnsuc) — C:WindowsSystem32driversnmwcdnsuc.sys (Nokia)
    DRV – (RTL8192su) — C:WindowsSystem32driversRTL8192su.sys (Realtek Semiconductor Corporation )
    DRV – (sptd) — C:WindowsSystem32driverssptd.sys ()
    DRV – (vpcvmm) — C:WindowsSystem32driversvpcvmm.sys (Microsoft Corporation)
    DRV – (vpcbus) — C:WindowsSystem32driversvpchbus.sys (Microsoft Corporation)
    DRV – (vpcusb) — C:WindowsSystem32driversvpcusb.sys (Microsoft Corporation)
    DRV – (vpcnfltr) — C:WindowsSystem32driversvpcnfltr.sys (Microsoft Corporation)
    DRV – (pelusblf) — C:WindowsSystem32driversPELUSBLF.SYS (TPMX Electronics Ltd.)
    DRV – (pelmouse) — C:WindowsSystem32driversPELMOUSE.SYS (TPMX Electronics Ltd.)
    DRV – (LVPr2Mon) — C:WindowsSystem32driversLVPr2Mon.sys ()
    DRV – (TVTI2C) — C:WindowsSystem32driverstvti2c.sys (Lenovo (United States) Inc.)
    DRV – (e1kexpress) — C:WindowsSystem32driverse1k6232.sys (Intel Corporation)
    DRV – (nvlddmkm) — C:WindowsSystem32driversnvlddmkm.sys (NVIDIA Corporation)
    DRV – (HECI) — C:WindowsSystem32driversHECI.sys (Intel Corporation)
    DRV – (NVHDA) — C:WindowsSystem32driversnvhda32v.sys (NVIDIA Corporation)
    DRV – (vmbus) — C:WindowsSystem32driversvmbus.sys (Microsoft Corporation)
    DRV – (storflt) — C:WindowsSystem32driversvmstorfl.sys (Microsoft Corporation)
    DRV – (storvsc) — C:WindowsSystem32driversstorvsc.sys (Microsoft Corporation)
    DRV – (vwifimp) — C:WindowsSystem32driversvwifimp.sys (Microsoft Corporation)
    DRV – (WinUsb) — C:WindowsSystem32driverswinusb.sys (Microsoft Corporation)
    DRV – (s3cap) — C:WindowsSystem32driversvms3cap.sys (Microsoft Corporation)
    DRV – (VMBusHID) — C:WindowsSystem32driversVMBusHID.sys (Microsoft Corporation)
    DRV – (TPM) — C:WindowsSystem32driverstpm.sys (Microsoft Corporation)
    DRV – (netw5v32) — C:WindowsSystem32driversnetw5v32.sys (Intel Corporation)
    DRV – (psadd) — C:WindowsSystem32driverspsadd.sys (Lenovo (United States) Inc.)
    DRV – (LUsbFilt) — C:WindowsSystem32driversLUsbFilt.sys (Logitech, Inc.)
    DRV – (LMouFilt) — C:WindowsSystem32driversLMouFilt.Sys (Logitech, Inc.)
    DRV – (LHidFilt) — C:WindowsSystem32driversLHidFilt.Sys (Logitech, Inc.)
    DRV – (pccsmcfd) — C:WindowsSystem32driverspccsmcfd.sys (Nokia)
    DRV – (LVUSBSta) — C:WindowsSystem32driversLVUSBSta.sys (Logitech Inc.)
    DRV – (PID_PEPI) — C:WindowsSystem32driversLV302V32.SYS (Logitech Inc.)
    DRV – (LVRS) — C:WindowsSystem32driverslvrs.sys (Logitech Inc.)
    DRV – (pepifilter) — C:WindowsSystem32driverslv302af.sys (Logitech Inc.)
    DRV – (athrusb) — C:WindowsSystem32driversathrusb.sys (Atheros Communications, Inc.)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE – HKLM..SearchScopes,DefaultScope = {B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}
    IE – HKLM..SearchScopes{B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}: “URL” = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

    IE – HKU.DEFAULT..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} – No CLSID value found
    IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
    IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyOverride” =

    IE – HKUS-1-5-18..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} – No CLSID value found
    IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
    IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyOverride” =

    IE – HKUS-1-5-19SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://lenovo.msn.com
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.si/
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..SearchScopes,DefaultScope = {1291DCB8-B322-4588-93A8-7892589628F4}
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..SearchScopes{1291DCB8-B322-4588-93A8-7892589628F4}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = http://isearch.avg.com/search?cid={41D2705F-F133-416F-B5C8-039E30057B76}&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&lang=us&ds=AVG&pr=fr&d=2011-12-08 11:24:48&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
    IE – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyOverride” = *.local;127.0.0.1:9421;

    ========== FireFox ==========

    FF – prefs.js..browser.search.defaultenginename: “AVG Secure Search”
    FF – prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF – prefs.js..extensions.enabledItems: {12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}:2.0.54.0
    FF – prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF – prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF – prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.12
    FF – prefs.js..keyword.URL: “http://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q=”
    FF – user.js – File not found

    FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll ()
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
    FF – HKLMSoftwareMozillaPlugins@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:Program FilesCommon FilesAVG Secure SearchSiteSafetyInstaller11.2.0\npsitesafety.dll ()
    FF – HKLMSoftwareMozillaPlugins@garmin.com/GpsControl: C:Program FilesGarmin GPS PluginnpGarmin.dll (GARMIN Corp.)
    FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
    FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation)
    FF – HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:UsersMatejaAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)
    FF – HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:UsersMatejaAppDataLocalGoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:Program FilesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtension [2011/02/11 15:06:39 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG10Firefox4 [2012/02/02 19:23:27 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\avg@toolbar: C:ProgramDataAVG Secure Search11.1.0.12 [2012/07/12 19:32:49 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.25extensions\Components: C:Program FilesMozilla Firefoxcomponents [2012/02/19 14:05:29 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.25extensions\Plugins: C:Program FilesMozilla Firefoxplugins [2012/02/19 14:05:29 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaThunderbirdExtensions\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:Program FilesNokiaNokia Ovi SuiteConnectorsThunderbird ConnectorThunderbirdExtension [2011/02/11 15:06:39 | 000,000,000 | —D | M]

    [2010/06/23 14:47:56 | 000,000,000 | —D | M] (No name found) — C:UsersMatejaAppDataRoamingmozillaExtensions
    [2012/01/22 21:37:00 | 000,000,000 | —D | M] (No name found) — C:UsersMatejaAppDataRoamingmozillaFirefoxProfilesrfmwrfe8.defaultextensions
    [2011/02/15 12:32:31 | 000,000,000 | —D | M] (Hermes SoftLab DigSigSDK) — C:UsersMatejaAppDataRoamingmozillaFirefoxProfilesrfmwrfe8.defaultextensions{12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}
    [2011/11/24 20:07:29 | 000,000,000 | —D | M] (No name found) — C:Program Filesmozilla firefoxextensions
    [2012/03/09 21:30:19 | 000,000,000 | —D | M] (Skype Click to Call) — C:Program Filesmozilla firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/24 20:07:29 | 000,000,000 | —D | M] (Java Console) — C:Program Filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/02/11 15:06:39 | 000,000,000 | —D | M] (Firefox Synchronisation Extension) — C:PROGRAM FILESNOKIANOKIA OVI SUITECONNECTORSBOOKMARKS CONNECTORFIREFOXEXTENSION
    [2012/07/12 19:32:49 | 000,000,000 | —D | M] (AVG Security Toolbar) — C:PROGRAMDATAAVG SECURE SEARCH11.1.0.12
    [2011/10/03 06:06:04 | 000,476,904 | —- | M] (Sun Microsystems, Inc.) — C:Program Filesmozilla firefoxpluginsnpdeployJava1.dll
    [2011/10/26 20:49:56 | 000,012,800 | —- | M] (Nullsoft, Inc.) — C:Program Filesmozilla firefoxpluginsnpwachk.dll
    [2012/07/12 19:32:37 | 000,003,767 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsavg-secure-search.xml
    [2012/02/19 14:05:27 | 000,010,799 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsceneji.xml
    [2012/02/19 14:05:27 | 000,003,584 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsodpiralni.xml
    [2012/02/19 14:05:27 | 000,006,155 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginstwitter.xml
    [2012/02/19 14:05:27 | 000,001,328 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginswikipedia-sl.xml

    O1 HOSTS File: ([2010/03/29 13:54:11 | 000,001,276 | —- | M]) – C:WindowsSystem32driversetchosts
    O1 – Hosts: 127.0.0.1 practivate.adobe.com
    O1 – Hosts: 127.0.0.1 ereg.adobe.com
    O1 – Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 – Hosts: 127.0.0.1 wip3.adobe.com
    O1 – Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 – Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 – Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 – Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 – Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 – Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 – Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 – Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 – Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 – Hosts: 127.0.0.1 activate.adobe.com
    O2 – BHO: (AVG Safe Search) – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:Program FilesAVGAVG10avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 – BHO: (AVG Security Toolbar) – {95B7759C-8C7F-4BF1-B163-73684A933233} – C:Program FilesAVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll ()
    O2 – BHO: (Skype Browser Helper) – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O3 – HKLM..Toolbar: (AVG Security Toolbar) – {95B7759C-8C7F-4BF1-B163-73684A933233} – C:Program FilesAVG Secure Search11.1.0.12AVG Secure Search_toolbar.dll ()
    O3 – HKLM..Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – No CLSID value found.
    O3 – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
    O3 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..ToolbarWebBrowser: (no name) – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – No CLSID value found.
    O3 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..ToolbarWebBrowser: (no name) – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – No CLSID value found.
    O3 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..ToolbarWebBrowser: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – No CLSID value found.
    O3 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..ToolbarWebBrowser: (no name) – {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} – No CLSID value found.
    O4 – HKLM..Run: [AutoEJCD_0ACE20FF] C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    O4 – HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG10avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 – HKLM..Run: [IMSS] C:Program FilesIntelIntel(R) Management Engine ComponentsIMSSPIconStartup.exe ()
    O4 – HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.)
    O4 – HKLM..Run: [Launch Backup Service Once] C:Program FilesLenovoRescue and Recoveryrrstrigger.exe ()
    O4 – HKLM..Run: [LogitechQuickCamRibbon] C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe ()
    O4 – HKLM..Run: [Message Center Plus] C:Program FilesLENOVOMessage Center PlusMCPLaunch.exe ()
    O4 – HKLM..Run: [Mouse Suite 98 Daemon] C:Program FilesLenovoMouse SuiteICO.EXE (Primax Electronics Ltd.)
    O4 – HKLM..Run: [Power Manager Power Agenda] C:PROGRA~1ThinkPadUTILIT~1DPMHost.exe ()
    O4 – HKLM..Run: [PWMTRV] rundll32 C:PROGRA~1ThinkPadUTILIT~1PWMTR32V.DLL,PwrMgrBkGndMonitor File not found
    O4 – HKLM..Run: [ROC_roc_dec12] C:Program FilesAVG Secure SearchROC_roc_dec12.exe ()
    O4 – HKLM..Run: [vProt] C:Program FilesAVG Secure Searchvprot.exe ()
    O4 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..Run: [Akamai NetSession Interface] C:UsersMatejaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc.)
    O4 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004..Run: [Logitech Vid] C:Program FilesLogitechLogitech Vidvid.exe (Logitech Inc.)
    O4 – HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (Microsoft Corporation)
    O4 – HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (Microsoft Corporation)
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
    O7 – HKUS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O8 – Extra context menu item: Append Link Target to Existing PDF – res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000 File not found
    O9 – Extra Button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O9 – Extra ‘Tools’ menuitem : Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O10 – NameSpace_Catalog5Catalog_Entries00000000008 [] – C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
    O13 – gopher Prefix: missing
    O16 – DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 – DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{14A0D4F0-850B-487A-B7B4-8E93FD231341}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{855473E8-93B9-43B6-9FAC-A0960DFCD68C}: DhcpNameServer = 195.34.133.21 195.34.133.22
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 – ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:Program FilesAVGAVG10avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 – ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL (Skype Technologies)
    O18 – ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O18 – ProtocolHandlerviprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} – C:Program FilesCommon FilesAVG Secure SearchViProtocolInstaller11.2.0ViProtocol.dll ()
    O20 – HKLM Winlogon: Shell – (explorer.exe) – C:Windowsexplorer.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (C:Windowssystem32userinit.exe) – C:WindowsSystem32userinit.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: VMApplet – (SystemPropertiesPerformance.exe) – C:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: VMApplet – (/pagefile) – File not found
    O20 – WinlogonNotifyLBTWlgn: DllName – (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) – c:program filescommon fileslogishrdbluetoothLBTWlgn.dll (Logitech, Inc.)
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
    O32 – HKLM CDRom: AutoRun – 1
    O32 – AutoRun File – [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () – C:autoexec.bat — [ NTFS ]
    O32 – AutoRun File – [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () – Q:AUTORUN.INF — [ NTFS ]
    O33 – MountPoints2{00d3d9ab-3b48-11df-9fae-002186fa0f16}Shell – “” = AutoRun
    O33 – MountPoints2{00d3d9ab-3b48-11df-9fae-002186fa0f16}ShellAutoRuncommand – “” = G:autorun.exe
    O33 – MountPoints2{1d1d34ca-22f7-11df-80dc-806e6f6e6963}Shell – “” = AutoRun
    O33 – MountPoints2{1d1d34ca-22f7-11df-80dc-806e6f6e6963}ShellAutoRuncommand – “” = Q:LenovoQDrive.exe — [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
    O33 – MountPoints2{535f5dd4-ba9f-11e0-ab68-002186fa0f16}Shell – “” = AutoRun
    O33 – MountPoints2{535f5dd4-ba9f-11e0-ab68-002186fa0f16}ShellAutoRuncommand – “” = D:Setup.exe
    O34 – HKLM BootExecute: (autocheck autochk *)
    O34 – HKLM BootExecute: (C:PROGRA~1AVGAVG10avgchsvx.exe /sync)
    O34 – HKLM BootExecute: (C:PROGRA~1AVGAVG10avgrsx.exe /sync /restart)
    O35 – HKLM..comfile [open] — “%1” %*
    O35 – HKLM..exefile [open] — “%1” %*
    O37 – HKLM…com [@ = comfile] — “%1” %*
    O37 – HKLM…exe [@ = exefile] — “%1” %*
    O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 – SubSystems\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders – Created Within 30 Days ==========

    [2012/09/09 14:59:53 | 000,000,000 | -HSD | C] — C:Config.Msi
    [2012/09/06 20:31:53 | 000,000,000 | ---D | C] — C:UsersMatejaAppDataLocalLogiShrd
    [2012/08/29 16:28:11 | 000,598,528 | ---- | C] (OldTimer Tools) — C:UsersMatejaDesktopOTL.exe
    [2012/08/29 13:44:23 | 000,000,000 | ---D | C] — C:_SMA

    ========== Files – Modified Within 30 Days ==========

    [2012/09/11 18:30:05 | 000,001,070 | ---- | M] () — C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004UA.job
    [2012/09/11 18:20:40 | 000,016,976 | -H-- | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/11 18:20:40 | 000,016,976 | -H-- | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/11 18:19:31 | 000,607,530 | ---- | M] () — C:WindowsSystem32perfh009.dat
    [2012/09/11 18:19:31 | 000,103,908 | ---- | M] () — C:WindowsSystem32perfc009.dat
    [2012/09/11 18:18:22 | 094,530,750 | ---- | M] () — C:WindowsSystem32driversAVGincavi.avm
    [2012/09/11 18:13:24 | 002,329,896 | ---- | M] () — C:WindowsSystem32FNTCACHE.DAT
    [2012/09/11 18:13:17 | 000,067,584 | --S- | M] () — C:Windowsbootstat.dat
    [2012/09/11 18:13:08 | 2364,297,216 | -HS- | M] () — C:hiberfil.sys
    [2012/08/30 22:00:00 | 000,000,340 | ---- | M] () — C:WindowstasksSystemToolsDailyTest.job
    [2012/08/30 17:06:16 | 000,513,995 | ---- | M] () — C:WindowsSystem32driversAVGiavichjg.avm
    [2012/08/30 16:30:00 | 000,001,018 | ---- | M] () — C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004Core.job
    [2012/08/27 21:58:32 | 000,598,528 | ---- | M] (OldTimer Tools) — C:UsersMatejaDesktopOTL.exe
    [2012/08/18 18:09:28 | 000,002,020 | ---- | M] () — C:UsersMatejaDesktopMouse and Keyboard Settings.lnk

    ========== Files Created – No Company Name ==========

    [2012/08/18 18:09:28 | 000,002,020 | ---- | C] () — C:UsersMatejaDesktopMouse and Keyboard Settings.lnk
    [2012/05/27 14:16:00 | 000,001,087 | ---- | C] () — C:UsersMatejaSlike – Bližnjica.lnk
    [2012/04/17 23:37:33 | 000,684,513 | ---- | C] () — C:UsersMatejaPhoto0068.jpg
    [2012/04/17 23:37:33 | 000,660,236 | ---- | C] () — C:UsersMatejaPhoto0069.jpg
    [2011/02/15 12:29:40 | 000,004,387 | ---- | C] () — C:UsersMatejaVarnostna_kop_cert.p12
    [2010/11/08 15:17:20 | 000,005,632 | ---- | C] () — C:UsersMatejaAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/28 11:57:58 | 000,004,096 | -H-- | C] () — C:UsersMatejaAppDataLocalkeyfile3.drm
    [2010/04/18 13:03:32 | 000,022,328 | ---- | C] () — C:UsersMatejaAppDataRoamingPnkBstrK.sys

    Extras.txt

    OTL Extras logfile created on: 9/11/2012 6:44:15 PM – Run 4
    OTL by OldTimer – Version 3.2.59.1 Folder = C:UsersMatejaDesktop
    Professional (Version = 6.1.7600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2.94 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 58.08% Memory free
    5.87 Gb Paging File | 4.69 Gb Available in Paging File | 79.81% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 454.82 Gb Total Space | 181.98 Gb Free Space | 40.01% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS

    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — C:WindowsSystem32control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] — C:Windowswinhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — “%1” %*
    cmdfile [open] — “%1” %*
    comfile [open] — “%1” %*
    cplfile [cplopen] — %SystemRoot%System32control.exe “%1”,%* (Microsoft Corporation)
    exefile [open] — “%1” %*
    helpfile [open] — Reg Error: Key error.
    hlpfile [open] — %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] — Reg Error: Key error.
    htmlfile [print] — rundll32.exe %windir%system32mshtml.dll,PrintHTML “%1”
    inffile [install] — %SystemRoot%System32InfDefaultInstall.exe “%1” (Microsoft Corporation)
    piffile [open] — “%1” %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — “%1”
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] — “%1” /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] — “C:Program FilesVideoLANVLCvlc.exe” --started-from-file --playlist-enqueue “%1” ()
    Directory [cmd] — cmd.exe /s /k pushd “%V” (Microsoft Corporation)
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] — “C:Program FilesVideoLANVLCvlc.exe” --started-from-file --no-playlist-enqueue “%1” ()
    Directory [Winamp.Bookmark] — “C:Program FilesWinampwinamp.exe” /BOOKMARK “%1” (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] — “C:Program FilesWinampwinamp.exe” /ADD “%1” (Nullsoft, Inc.)
    Directory [Winamp.Play] — “C:Program FilesWinampwinamp.exe” “%1” (Nullsoft, Inc.)
    Folder [open] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Folder [explore] — Reg Error: Value error.
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    “cval” = 1

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
    “VistaSp1” = Reg Error: Unknown registry data type — File not found
    “AntiVirusOverride” = 0
    “AntiSpywareOverride” = 0
    “FirewallOverride” = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
    “DisableNotifications” = 0
    “EnableFirewall” = 1

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
    “DisableNotifications” = 0
    “EnableFirewall” = 1

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
    “DisableNotifications” = 0
    “EnableFirewall” = 1

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{333EAEED-38CC-473F-A57C-5B5A63B00248}” = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |
    “{468130D8-6C36-4842-ACDD-B2064F61DC93}” = rport=137 | protocol=17 | dir=out | app=system |
    “{729B445F-3EB6-4CA5-AC8A-EDAF2AE5E2EE}” = rport=139 | protocol=6 | dir=out | app=system |
    “{952806DA-FCF8-44E5-A5C8-7518336657F0}” = lport=137 | protocol=17 | dir=in | app=system |
    “{BEF6D7B7-AC76-4E7E-B464-DFC02E998D2A}” = rport=445 | protocol=6 | dir=out | app=system |
    “{C364EBB0-7EC6-4F64-B834-7F05E4264250}” = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    “{C4EBB297-479B-4D8E-947A-7EB25B48132D}” = rport=138 | protocol=17 | dir=out | app=system |
    “{DDC074D6-27AD-452F-9EC5-1F64C61841D2}” = lport=445 | protocol=6 | dir=in | app=system |
    “{E0613A1A-CFAC-4A88-81F9-016C3B1CC1E6}” = lport=138 | protocol=17 | dir=in | app=system |
    “{E4953274-9106-488C-93A1-FF7F5DB70909}” = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
    “{F609C9EB-CB6F-4F6A-AA11-CAD9FF014D47}” = lport=139 | protocol=6 | dir=in | app=system |
    “{FA17BC34-E1A2-444C-A651-2A12385360E6}” = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{01C15D8F-7291-473D-AEDF-9CAE42484533}” = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    “{02D4E20D-345F-4EA4-B4D8-6164DDB5569D}” = protocol=17 | dir=in | app=c:program filesavgavg10avgnsx.exe |
    “{09B78E16-4437-4439-97C7-FCBF262DFD3C}” = protocol=17 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{0DA1F044-7397-4147-8B7C-D8325E5B7314}” = dir=in | app=c:program filesskypephoneskype.exe |
    “{116C8602-268A-4F5B-98BC-C2540A1C9DD9}” = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |
    “{1A4E2860-8948-4F3F-B4B1-0399ACA51F25}” = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
    “{3789B5C3-54F3-4C74-A35F-49B3BC968AD1}” = dir=in | app=c:program filesnokianokia ovi suitenokiaovisuite.exe |
    “{39C70184-59E7-454A-B5DE-6054234B7D42}” = protocol=17 | dir=in | app=c:program fileselectronic artsbattlefield bad company 2bfbc2updater.exe |
    “{3DA2E7F1-B74D-4981-8B20-6EC6D4B6502D}” = protocol=6 | dir=in | app=c:program filesavgavg10avgnsx.exe |
    “{43E8376A-5738-4A36-8998-1E91D2AD8795}” = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    “{460C10B2-D3AC-4287-A9ED-670B95B5BF1F}” = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    “{474D98FA-344E-4EE5-9605-893F0AF29287}” = protocol=6 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{4F3C5C4A-755A-43C4-B9CD-B4ED7D9519B9}” = protocol=6 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{5C4216F5-14F9-4DF8-88DE-C5FBE0F9097F}” = protocol=17 | dir=in | app=c:windowssystem32pnkbstra.exe |
    “{6C3B04F5-E882-46A7-8CCF-6E762263BC99}” = protocol=6 | dir=in | app=c:program fileselectronic artsbattlefield bad company 2bfbc2updater.exe |
    “{6DE9BA40-20E9-4DDA-84E4-C4ABF3C4E797}” = protocol=6 | dir=in | app=c:windowssystem32pnkbstrb.exe |
    “{7DB2EC20-722B-4749-8924-0BBAD40AFBEE}” = protocol=6 | dir=in | app=c:program fileslenovosystem updateuncserver.exe |
    “{83294C1F-F4BA-41B9-8C5C-FEABB7C54CF0}” = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{85B776EB-E0E5-463C-A0AE-5109506F4E98}” = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{8E64FB90-6578-44F4-AE8A-9FB639118C41}” = protocol=6 | dir=in | app=c:program filesavgavg10avgnsx.exe |
    “{946900B6-5955-4B3A-B983-3B684B3DA699}” = protocol=6 | dir=in | app=c:program fileslogitechlogitech vidvid.exe |
    “{99CD7EDC-1DB8-4EE1-A038-81CD0998ABE6}” = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    “{9E83DD66-1472-4C2B-A471-D1D2B9F626B5}” = protocol=17 | dir=in | app=c:program fileslogitechlogitech vidvid.exe |
    “{A1B9E271-F9E9-45DF-B0EC-429EF6DD58DB}” = protocol=17 | dir=in | app=c:usersmatejaappdatalocalakamainetsession_win.exe |
    “{A202F250-6270-4DDD-B25D-B84C5503BECB}” = protocol=6 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{A7FBB667-5619-469C-8BA2-B64C7C2AD6EA}” = protocol=6 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{B2449CAD-522A-4A0F-ACAA-323E1752A32B}” = protocol=6 | dir=in | app=c:program filesteamviewerversion6teamviewer.exe |
    “{B2B57C50-0A69-4F99-A21D-1924841651FA}” = protocol=6 | dir=in | app=c:usersmatejaappdatalocalakamainetsession_win.exe |
    “{B2E2EB96-B023-4457-864B-913EC8292A5E}” = protocol=17 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{B60E7015-6035-41CB-9665-43B78E051361}” = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe |
    “{B94FC9E9-DD07-4824-86CF-9D2907A7B81D}” = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
    “{BC67B913-85B1-44E4-A533-ED7E1FD66422}” = protocol=6 | dir=in | app=c:program filesavgavg10avgdiagex.exe |
    “{BEC04389-443D-4A26-AFB8-3D597A398547}” = dir=in | app=c:program filesitunesitunes.exe |
    “{D2ADEE22-0271-47E0-982D-B5C4BC27043A}” = protocol=17 | dir=in | app=c:windowssystem32pnkbstrb.exe |
    “{E19E3549-9946-4648-B09B-751154003477}” = protocol=17 | dir=in | app=c:program filesavgavg10avgdiagex.exe |
    “{E31585D8-8300-415A-9B91-7958812DDEE0}” = protocol=17 | dir=in | app=c:program filesavgavg10avgnsx.exe |
    “{E473A1EA-837E-47BE-A6FA-F3B319E04957}” = protocol=17 | dir=in | app=c:program filesteamviewerversion6teamviewer.exe |
    “{EBF4781E-CCE6-4375-A56F-FA0591398C39}” = protocol=17 | dir=in | app=c:program filesteamviewerversion6teamviewer_service.exe |
    “{EE7531C5-0C6C-41FB-9B70-A4B18E9BEE6F}” = protocol=6 | dir=in | app=c:program filesteamviewerversion6teamviewer_service.exe |
    “{F26FBF49-6DF7-452F-92A0-429897669D58}” = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{F522D64D-0BBF-492D-A0C9-F32271967452}” = protocol=17 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{F81765D4-79D1-4969-8B95-E011D5447931}” = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{F87EA6FC-06F4-4C4B-A507-FCFF3C4EDA82}” = protocol=17 | dir=in | app=c:program fileslenovosystem updateuncserver.exe |
    “{F8995668-FC4A-4DFD-8D82-E2CF77CD5FE3}” = protocol=17 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{F89EC113-B7F6-41B5-AA80-03F009FD6772}” = dir=in | app=c:program filesnokianokia ovi suitenokiaovisuite.exe |
    “{F9AA3E56-CE23-480B-B227-81BE32FD52F8}” = protocol=6 | dir=in | app=c:windowssystem32pnkbstra.exe |
    “{FB6D86DB-8F39-4EC7-A803-B4AE443DA77B}” = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe |
    “TCP Query User{0B639AAC-FE1F-4986-8278-4851FA172F8A}C:program filesutorrentutorrent.exe” = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe |
    “TCP Query User{32DD3A1F-4271-4AD7-B554-A2762B2D757E}C:program filesvideolanvlcvlc.exe” = protocol=6 | dir=in | app=c:program filesvideolanvlcvlc.exe |
    “TCP Query User{491F48F6-F213-40C5-9DD1-D8A1EF9625BF}C:program filesutorrentutorrent.exe” = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe |
    “TCP Query User{6C79178B-EA0F-49E4-B087-95A542473162}C:usersmatejaappdatalocalgooglechromeapplicationchrome.exe” = protocol=6 | dir=in | app=c:usersmatejaappdatalocalgooglechromeapplicationchrome.exe |
    “TCP Query User{790CCC12-83C4-426A-B7BF-C77C8DACE412}C:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe” = protocol=6 | dir=in | app=c:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe |
    “TCP Query User{8F6BDDF7-4C5E-4331-9E02-F5E4E6748CE8}C:program fileswinampwinamp.exe” = protocol=6 | dir=in | app=c:program fileswinampwinamp.exe |
    “TCP Query User{9B5FA1D7-5532-4D80-B809-D3D8A790538B}C:program filesinternet exploreriexplore.exe” = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “TCP Query User{AEB29DD1-8738-4328-8A02-819537CF45F1}C:program filesinternet exploreriexplore.exe” = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “TCP Query User{C4A004AF-2D55-4F70-92A1-F3480067C9B0}C:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe” = protocol=6 | dir=in | app=c:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe |
    “UDP Query User{04A71F5E-3B46-415E-B26D-2F6C1C29DB89}C:program filesvideolanvlcvlc.exe” = protocol=17 | dir=in | app=c:program filesvideolanvlcvlc.exe |
    “UDP Query User{1F7B3CCD-AA99-4545-A6E4-FEE579307379}C:program filesinternet exploreriexplore.exe” = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “UDP Query User{3A2074F5-048A-4BDB-A771-9508CF14BEE2}C:program filesutorrentutorrent.exe” = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe |
    “UDP Query User{691FDBDB-128A-4DF9-8D83-FB33427CDBAE}C:usersmatejaappdatalocalgooglechromeapplicationchrome.exe” = protocol=17 | dir=in | app=c:usersmatejaappdatalocalgooglechromeapplicationchrome.exe |
    “UDP Query User{A47ECA15-934D-45DD-9237-08C1B3FD975C}C:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe” = protocol=17 | dir=in | app=c:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe |
    “UDP Query User{B497EBB0-64AD-450B-B541-A9160047C807}C:program fileswinampwinamp.exe” = protocol=17 | dir=in | app=c:program fileswinampwinamp.exe |
    “UDP Query User{C3B60592-6A88-4B79-AF35-022CBE0AB7D5}C:program filesutorrentutorrent.exe” = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe |
    “UDP Query User{F0AD559E-664B-4F52-BD6A-C09FFAF23971}C:program filesinternet exploreriexplore.exe” = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “UDP Query User{F1DF7A87-5245-4BB3-9F38-D00A98D4E815}C:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe” = protocol=17 | dir=in | app=c:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “{08600005-5228-4BF6-845E-E9A957AFDCB4}” = OviMPlatform
    “{0C826C5B-B131-423A-A229-C71B3CACCD6A}” = CDDRV_Installer
    “{1C9FE8CC-2578-41E6-AB28-3B927B055224}” = Windows Live – Pomocnik za vpis
    “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148
    “{25C64847-B900-48AD-A164-1B4F9B774650}” = System Update
    “{26A24AE4-039D-4CA4-87B4-2F83216017FF}” = Java(TM) 6 Update 29
    “{28191B83-1D60-44B6-9B08-E854EF6632D5}” = Ovi Desktop Sync Engine
    “{3101CB58-3482-4D21-AF1A-7057FC935355}” = KhalInstallWrapper
    “{3553E875-F00E-4031-BDEC-75FB1DFEB093}” = Nokia Ovi Suite Software Updater
    “{3FC42713-B6E7-49AA-A553-A224FE9828A8}” = Nokia Ovi Suite
    “{4216D328-0FE8-48B8-85B8-BD300E6F080F}” = Nokia Connectivity Cable Driver
    “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
    “{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}” = Logitech Vid
    “{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}” = Create Recovery Media
    “{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}” = Microsoft SQL Server Setup Support Files (English)
    “{549CE1BD-88E4-4C5E-BF75-B155624714CC}” = Belkin USB Wireless Adaptor
    “{56B4002F-671C-49F4-984C-C760FE3806B5}” = Microsoft SQL Server VSS Writer
    “{56C049BE-79E9-4502-BEA7-9754A3E60F9B}” = neroxml
    “{57752979-A1C9-4C02-856B-FBB27AC4E02C}” = QuickTime
    “{5DB65884-C963-4454-AABA-4CA3089281FA}” = NVIDIA PhysX
    “{65153EA5-8B6E-43B6-857B-C6E4FC25798A}” = Intel(R) Management Engine Components
    “{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}” = Garmin USB Drivers
    “{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update
    “{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin
    “{6AFCA4E1-9B78-3640-8F72-A7BF33448200}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729
    “{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}” = MSVC80_x86_v2
    “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
    “{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}” = Norton Internet Security
    “{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}” = iTunes
    “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
    “{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
    “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17
    “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161
    “{A498D9EB-927B-459B-85D6-DD6EF8C2C564}” = erLT
    “{AF111648-99A1-453E-81DD-80DBBF6DAD0D}” = MSVC90_x86
    “{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}” = Garmin Communicator Plugin
    “{B3575D00-27EF-49C2-B9E0-14B3D954E992}” = Apple Application Support
    “{B383F243-0ABC-4E56-AA30-923B8D85076E}” = Rescue and Recovery
    “{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call
    “{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}” = Microsoft SQL Server Native Client
    “{C23CD6DA-1958-43A5-ADD0-59396572E02E}” = Apple Mobile Device Support
    “{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}” = Logitech Webcam Software
    “{C2E4B5BD-32DB-4817-A060-341AB17C3F90}” = Bonjour
    “{C8FC7066-4457-4365-9BDF-4E439BF703C8}” = AVG 2011
    “{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}” = PC Connectivity Solution
    “{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}” = ThinkVantage Power Manager
    “{E533E637-FB3E-4F28-8B18-449CC9AB7235}” = AVG 2011
    “{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.10
    “{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
    “{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}” = Logitech SetPoint
    “{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime – (v9.0.30729)
    “{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime – v9.0.30729.01
    “{F8A9085D-4C7A-41a9-8A77-C8998A96C421}” = Intel(R) Control Center
    “{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}” = Message Center Plus
    “0134DA19E49BF25E588E062BF3AF5B52A1FB0570” = Windows Driver Package – Intel System (06/04/2009 9.1.1.1013)
    “0F85FF5427F83EBFD8D26A476513F129AA6A9BDE” = Windows Driver Package – Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    “1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31” = Windows Driver Package – Intel hdc (06/04/2009 7.0.0.1013)
    “30A4777E896192B8D398199AE1AB235B69BAB26D” = Windows Driver Package – Intel (HECI) System (09/17/2009 6.0.0.1179)
    “4165529BF5F060D6DCE68D5EFB7C01F8C133A42B” = Windows Driver Package – Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    “49CF605F02C7954F4E139D18828DE298CD59217C” = Windows Driver Package – Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    “504244733D18C8F63FF584AEB290E3904E791693” = Windows Driver Package – Nokia pccsmcfd (08/22/2008 7.0.0.0)
    “563601B59417ECE6367FFC9E33EF23D1E64AA350” = Windows Driver Package – Intel System (06/04/2009 9.1.1.1013)
    “746B3FA92A51BF163E30D6121404CCC057D4C12B” = Windows Driver Package – NVIDIA (nvlddmkm) Display (09/22/2009 8.16.11.9070)
    “971CFAB99B2A1B969F4D55F9A2AAC330B2A2551C” = Windows Driver Package – Intel (e1kexpress) Net (09/23/2009 11.2.19.0)
    “A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9” = Windows Driver Package – Intel USB (08/20/2009 9.1.1.1020)
    “Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
    “Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
    “Akamai” = Akamai NetSession Interface Service
    “AVG” = AVG 2011
    “Chuzzle Deluxe” = Chuzzle Deluxe (remove only)
    “Cooking Academy 2” = Cooking Academy 2 (remove only)
    “Cooking Dash – DinerTown Studios” = Cooking Dash – DinerTown Studios (remove only)
    “D4577BB192DCD9AD7FB9C09EFCCBE8CC15ED70BF” = Windows Driver Package – NVIDIA Corporation (NVHDA) MEDIA (08/11/2009 1.00.00.58)
    “Diner Dash Hometown Hero Gourmet” = Diner Dash Hometown Hero Gourmet (remove only)
    “E7B58217635B8F723D4744A328A4B3237DB35FA9” = Windows Driver Package – Intel System (06/04/2009 1.0.0.0002)
    “F46B861A702511B4B61AA6F81D8899BEDFE22EDD” = Windows Driver Package – Intel (Serial) Ports (09/17/2009 6.0.0.1179)
    “Go Go Gourmet – Chef of the Year” = Go Go Gourmet – Chef of the Year (remove only)
    “GTR Evolution_1.1.1.2_is1” = GTR Evolution
    “InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}” = Belkin USB Wireless Adaptor
    “Lenovo Welcome_is1” = Lenovo Welcome
    “LUXOR Adventures Bundle” = LUXOR Adventures Bundle (remove only)
    “MouseSuite98” = Mouse Suite
    “Mozilla Firefox (3.6.25)” = Mozilla Firefox (3.6.25)
    “Nokia Ovi Suite” = Nokia Ovi Suite
    “NVIDIA Drivers” = NVIDIA Drivers
    “PC-Doctor for Windows” = Lenovo ThinkVantage Toolbox
    “PROSet” = Intel(R) Network Connections Drivers
    “SystemRequirementsLab” = System Requirements Lab
    “TagScanner_is1” = TagScanner 5.1.611
    “TeamViewer 6” = TeamViewer 6
    “uTorrent” = µTorrent
    “VLC media player” = VLC media player 2.0.2
    “Winamp” = Winamp
    “Zuma’s Revenge – Adventure” = Zuma’s Revenge – Adventure (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERSS-1-5-21-1043056270-1798009061-3640862498-1004SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “Akamai” = Akamai NetSession Interface
    “Google Chrome” = Google Chrome
    “Octoshape add-in for Adobe Flash Player” = Octoshape add-in for Adobe Flash Player
    “Winamp Detect” = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error – 1/15/2012 8:47:39 AM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for “C:Program FilesSkypeToolbarsInternet
    ExplorerSkypeIEPluginBroker.exe”.Error in manifest or policy file “C:Program
    FilesSkypeToolbarsInternet ExplorerSkypeIEPluginBroker.exe” on line 2. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error – 1/15/2012 8:48:11 AM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for “c:Program FilesLenovoSystem
    UpdateInstaller64.exe”. Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error – 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/17/2012 2:34:27 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/17/2012 2:34:27 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/18/2012 1:06:35 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/18/2012 1:06:35 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/18/2012 1:24:26 PM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for “C:Program FilesSkypeToolbarsInternet
    ExplorerSkypeIEPluginBroker.exe”.Error in manifest or policy file “C:Program
    FilesSkypeToolbarsInternet ExplorerSkypeIEPluginBroker.exe” on line 2. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error – 1/18/2012 1:24:53 PM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for “c:Program FilesLenovoSystem
    UpdateInstaller64.exe”. Dependent Assembly Microsoft.VC80.CRT,processorArchitecture=”amd64″,publicKeyToken=”1fc8b3b9a1e18e3b”,type=”win32″,version=”8.0.50608.0″
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Lenovo-Message Center Plus/Admin Events ]
    Error – 11/9/2011 9:43:16 AM | Computer Name = Crni | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Object reference not set to an instance of an object. -> Exception
    message: Object reference not set to an instance of an object.

    [ System Events ]
    Error – 8/31/2012 5:16:29 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7011
    Description = Pri ?akanju na odziv transakcije storitve Power Manager DBC Service
    je bila dosežena ?asovna omejitev (30000 milisekund).

    Error – 9/6/2012 2:23:01 PM | Computer Name = Crni | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:16:49 on ?31.?8.?2012 was unexpected.

    Error – 9/6/2012 2:25:31 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/6/2012 2:33:06 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporo?ila neveljavno trenutno
    stanje »32«.

    Error – 9/9/2012 8:16:30 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/9/2012 8:54:10 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporo?ila neveljavno trenutno
    stanje »32«.

    Error – 9/9/2012 8:58:02 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/9/2012 9:05:17 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporo?ila neveljavno trenutno
    stanje »32«.

    Error – 9/11/2012 12:15:38 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/11/2012 12:32:20 PM | Computer Name = Crni | Source = atapi | ID = 262155
    Description = The driver detected a controller error on DeviceIdeIdePort0.

    I also ran both additional scans (Gmer and aswMBR). For these two I am sure the anti-virus was off.

    Gmer:

    GMER 1.0.15.15641 – http://www.gmer.net
    Rootkit scan 2012-09-11 19:49:44
    Windows 6.1.7600 Harddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-0 ST3500418AS rev.CC66
    Running: u4o19d67.exe; Driver: C:UsersMatejaAppDataLocalTemppgddqpod.sys

    —- Kernel code sections – GMER 1.0.15 —-

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 832955D9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, …] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32Driversspyb.sys Navedene poti ni mogo?e najti. !
    PAGE ataport.SYS!DllUnload + 1 8B683AD7 4 Bytes JMP 8590E1D9
    .text USBPORT.SYS!DllUnload 919B2CA0 5 Bytes JMP 871B44E0
    .text a9dm9a8n.SYS 92C0C000 12 Bytes [44, 08, 22, 83, EE, 06, 22, …] {INC ESP; OR [EDX], AH; SUB ESI, 0x6; AND AL, [EBX-0x7cde1860]}
    .text a9dm9a8n.SYS 92C0C00D 9 Bytes [E7, 21, 83, 48, 0B, 22, 83, …] {OUT 0x21, EAX; OR DWORD [EAX+0xb], 0x22; ADD DWORD [EAX], 0x0}
    .text a9dm9a8n.SYS 92C0C017 20 Bytes [00, DE, D7, 5A, 8B, E6, D5, …]
    .text a9dm9a8n.SYS 92C0C02C 64 Bytes [00, 00, 00, 00, 00, 02, 29, …]
    .text a9dm9a8n.SYS 92C0C06D 84 Bytes [1B, 29, 83, 38, 8E, 2B, 83, …]
    .text …

    —- Kernel IAT/EAT – GMER 1.0.15 —-

    IAT SystemRootsystem32DRIVERSatapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B4B1042] SystemRootSystem32Driversspyb.sys
    IAT SystemRootsystem32DRIVERSatapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B4B16D6] SystemRootSystem32Driversspyb.sys
    IAT SystemRootsystem32DRIVERSatapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B4B1800] SystemRootSystem32Driversspyb.sys
    IAT SystemRootsystem32DRIVERSatapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B4B113E] SystemRootSystem32Driversspyb.sys
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT SystemRootSystem32Driversa9dm9a8n.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

    —- User IAT/EAT – GMER 1.0.15 —-

    IAT C:WindowsSystem32rundll32.exe[3760] @ C:Windowssystem32USER32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:WindowsSystem32rundll32.exe[3760] @ C:Windowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:WindowsSystem32rundll32.exe[3760] @ C:Windowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:WindowsSystem32rundll32.exe[3760] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoMessage Center PlusMCPLaunch.exe[3784] @ C:Windowssystem32USER32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoMessage Center PlusMCPLaunch.exe[3784] @ C:Windowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoMessage Center PlusMCPLaunch.exe[3784] @ C:Windowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoMessage Center PlusMCPLaunch.exe[3784] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoSystem UpdateSUService.exe[5028] @ C:Windowssystem32SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoSystem UpdateSUService.exe[5028] @ C:Windowssystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoSystem UpdateSUService.exe[5028] @ C:Windowssystem32USER32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoSystem UpdateSUService.exe[5028] @ C:Windowssystem32ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoSystem UpdateSUService.exe[5028] @ C:Windowssystem32WININET.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:Program FilesLenovoSystem UpdateSUService.exe[5028] @ C:Windowssystem32CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:Windowssystem32apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    —- Devices – GMER 1.0.15 —-

    Device FileSystemNtfs Ntfs 859151F8
    Device Drivervolmgr DeviceVolMgrControl 859101F8
    Device Driversptd Device1248631298 spyb.sys
    Device Driverusbehci DeviceUSBPDO-0 86F5A500
    Device Driverusbehci DeviceUSBPDO-1 86F5A500
    Device DriverNetBT DeviceNetBT_Tcpip_{855473E8-93B9-43B6-9FAC-A0960DFCD68C} 86DEA1F8
    Device DriverACPI_HAL Device0000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device DriverPCI_PNP9296 Device0000061 spyb.sys

    AttachedDevice Drivertdx DeviceTcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device Drivervolmgr DeviceHarddiskVolume1 859101F8

    AttachedDevice Drivervolmgr DeviceHarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device Drivervolmgr DeviceHarddiskVolume2 859101F8

    AttachedDevice Drivervolmgr DeviceHarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device Drivercdrom DeviceCdRom0 86D2D1F8
    Device Driveratapi DeviceIdeIdeDeviceP0T0L0-0 859121F8
    Device Driveratapi DeviceIdeIdePort0 859121F8
    Device Driveratapi DeviceIdeIdePort1 859121F8
    Device Driveratapi DeviceIdeIdePort2 859121F8
    Device Driveratapi DeviceIdeIdePort3 859121F8
    Device Driveratapi DeviceIdeIdePort4 859121F8
    Device Driveratapi DeviceIdeIdePort5 859121F8
    Device Driveratapi DeviceIdeIdeDeviceP1T0L0-1 859121F8
    Device Drivermsahci DeviceIdePciIde0Channel0 859131F8
    Device Drivermsahci DeviceIdePciIde0Channel1 859131F8
    Device Drivermsahci DeviceIdePciIde0Channel2 859131F8
    Device Drivermsahci DeviceIdePciIde0Channel3 859131F8
    Device Drivermsahci DeviceIdePciIde0Channel4 859131F8
    Device Drivermsahci DeviceIdePciIde0Channel5 859131F8
    Device Drivervolmgr DeviceHarddiskVolume3 859101F8

    AttachedDevice Drivervolmgr DeviceHarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device DriverNetBT DeviceNetBt_Wins_Export 86DEA1F8
    Device DriverNetBT DeviceNetBT_Tcpip_{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48} 86DEA1F8

    AttachedDevice Drivertdx DeviceUdp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice Drivertdx DeviceRawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device DriverNetBT DeviceNetBT_Tcpip_{DA9B9595-B03A-4992-A6B2-51820DAAA7E5} 86DEA1F8
    Device Driverusbehci DeviceUSBFDO-0 86F5A500
    Device Driverusbehci DeviceUSBFDO-1 86F5A500
    Device Drivera9dm9a8n DeviceScsia9dm9a8n1 87061500

    —- Registry – GMER 1.0.15 —-

    Reg HKLMSYSTEMCurrentControlSetservicesBTHPORTParametersKeys01f3ad3f68b
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg@s1 771343423
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg@s2 285507792
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg@h0 1
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:Program FilesDAEMON Tools Lite
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 …
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0xA2 0x37 0xF9 …
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001@a0 0x20 0x01 0x00 0x00 …
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001@hdf12 0x25 0xE4 0x50 0xB2 …
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq0
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq0@hdf12 0x2E 0xB4 0x9B 0x43 …
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq1
    Reg HKLMSYSTEMCurrentControlSetservicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq1@hdf12 0xEE 0xB9 0x8E 0x98 …
    Reg HKLMSYSTEMControlSet002servicesBTHPORTParametersKeys01f3ad3f68b (not active ControlSet)
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:Program FilesDAEMON Tools Lite
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 …
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0xA2 0x37 0xF9 …
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001 (not active ControlSet)
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001@a0 0x20 0x01 0x00 0x00 …
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001@hdf12 0x25 0xE4 0x50 0xB2 …
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq0 (not active ControlSet)
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq0@hdf12 0x2E 0xB4 0x9B 0x43 …
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq1 (not active ControlSet)
    Reg HKLMSYSTEMControlSet002servicessptdCfg14919EA49A8F3B4AA3CF1058D9A64CEC0000001gdq1@hdf12 0xEE 0xB9 0x8E 0x98 …

    —- EOF – GMER 1.0.15 —-

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-11 19:50:22
    —————————–
    19:50:22.400 OS Version: Windows 6.1.7600
    19:50:22.400 Number of processors: 4 586 0x1E05
    19:50:22.400 ComputerName: CRNI UserName:
    19:50:24.490 Initialize success
    19:59:40.284 AVAST engine defs: 12091100
    20:00:43.371 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-0
    20:00:43.371 Disk 0 Vendor: ST3500418AS CC66 Size: 476940MB BusType: 11
    20:00:43.449 Disk 0 MBR read successfully
    20:00:43.449 Disk 0 MBR scan
    20:00:43.464 Disk 0 unknown MBR code
    20:00:43.464 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
    20:00:43.558 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465736 MB offset 2459648
    20:00:43.651 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10006 MB offset 956291072
    20:00:43.683 Disk 0 scanning sectors +976784130
    20:00:44.073 Disk 0 scanning C:Windowssystem32drivers
    20:03:00.308 Service scanning
    20:03:12.413 Service sptd C:WindowsSystem32Driverssptd.sys **LOCKED** 32
    20:03:18.061 Modules scanning
    20:05:11.410 Disk 0 trace – called modules:
    20:05:11.457 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859121f8]< DeviceHarddisk0DR0[0x86883030]
    20:05:11.473 3 CLASSPNP.SYS[8bc9759e] -> nt!IofCallDriver -> [0x86734c10]
    20:05:11.473 5 ACPI.sys[8b3ad3b2] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP0T0L0-0[0x86681030]
    20:05:11.473 Driveratapi[0x8667b710] -> IRP_MJ_CREATE -> 0x859121f8
    20:05:13.220 AVAST engine scan C:Windows
    20:07:20.298 AVAST engine scan C:Windowssystem32
    20:12:53.156 AVAST engine scan C:Windowssystem32drivers
    20:13:15.089 AVAST engine scan C:UsersMateja
    21:15:38.019 Disk 0 MBR has been saved successfully to “C:UsersMatejaDesktopMBR.dat”
    21:15:38.019 The log file has been saved successfully to “C:UsersMatejaDesktopaswMBR.txt”
    21:51:41.475 AVAST engine scan C:ProgramData
    22:34:41.345 Scan finished successfully
    22:56:44.749 Disk 0 MBR has been saved successfully to “C:UsersMatejaDesktopMBR.dat”
    22:56:44.764 The log file has been saved successfully to “C:UsersMatejaDesktopaswMBR.txt”

    With these results one line was coloured in yellow (20:03:12.413) and two in red (20:05:11.457 and 20:05:11.473 driver…).

    There may be some sentences in Slovenian as my OS is in that language. If you need a translation of anything, just let me know.
    So, that’s it. Thank you!

    G.

    #99507

    The system does look infected, but unfortunately for you, and me, the logs also show the entries that indicate this system has been used to run an illegal copy of Adobe CS software. As the Hilfe-Forum der Anti-Botnet-Experten rules state no assistance when illegal software use shows, I cannot assist you here. Best I might suggest is to reformat your drive and reinstall Windows to remove any malware. I will need to close this request at this time.

    #99508

    I have just become aware that the policy I am applying here is not “written in stone”. Which is good, as I am only here to enjoy helping others. If you get this new post via email notification, all I ask is that you uninstall any illegal software you have installed, reboot, and then I can help you make things right. Let me know if you would still like my assistance. Thanks.

    #99515

    Hi,
    Thanks for reopening the topic. As I wrote earlier, I already uninstalled the Adobe software, before running the second scan. I do not see it anymore in my Programs list. However, I just checked my Program Files and some folders are left there, but all of them are either empty or contain a “desktop.ini” file. Maybe that shows in the logs? Is there really no difference between my first and my second scan (before and after the uninstall), that makes you see the software is uninstalled? Or do I need to run all the scans again?

    Please, let me know how to proceed.
    G.

    #99509

    I expect you have removed any illegal software you are aware of, so the emphasis now is on malware removal. But some changes to be made before that. You have Daemon Tools installed, which are those references you mentioned in the aswMBR log, but you also have two antivirus programs installed, which will have damaged each other, and system functions.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

    Download DeFogger to your desktop.

    Double click DeFogger to run the tool.

    Click the Disable button to disable your CD Emulation drivers, then click Yes to continue.

    When the ‘Finished!’ message appears just click OK.

    DeFogger will now ask to reboot the machine – click OK.

    DeFogger will create a defogger_disable log on your desktop – post this in your next reply please.

    Note: Do not re-enable these drivers until otherwise instructed.

    ——–

    Go to Start – Control Panel – Programs – Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click “Uninstall/Change”.

    AVG 2011

    Be sure to have it remove everything – it tries to get you to keep its search hijacker toolbar.

    ———–

    Reboot, then uninstall Norton Internet Security. Be sure to save any key/registration info so you can reinstall it, should you choose to.

    Reboot again.

    ———–

    Click here and download Kaspersky’s TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

    In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
    When the scan completes it will create a log file on your C drive.

    Similar in name to this:

    C:TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

    Your copy will be different – some of those numbers will reflect the date/time it was just run by you there.

    Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and reboot.
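A TDSSKiller log of the kind requested above runs to hundreds of "ok" lines, so the entries worth reading are easy to miss. The following is an added example, not part of the original post and not Kaspersky's own tooling: a Python sketch that lists every scanned object whose result is anything other than "ok". It assumes the line shapes seen in the log posted in this thread, accepts both "-" and "–" as the separator, and uses constructed sample lines with placeholder names and hashes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "<hh:mm:ss.ffff> <thread id> <body>" -- prefix carried by every log line.
LINE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "[ <MD5> ] <service name> <image path>" -- the object about to be judged.
OBJECT = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+)$")
# "<name> - ok" or "<name> ( <Verdict> ) - warning"; hyphen or en dash.
RESULT = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^()]+?)\s*\))?"
    r"\s+[-\u2013]\s+(?P<status>\w+)$"
)


@dataclass
class Finding:
    time: str
    name: str
    status: str
    verdict: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def triage(log_text: str) -> List[Finding]:
    """Return every result line whose status is not 'ok' (assumption:
    any other status word deserves a human look)."""
    findings: List[Finding] = []
    pending = None  # (md5, "name path") from the latest "[ md5 ] ..." line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line or line without timestamp/thread prefix
        stamp, _tid, body = m.groups()
        obj = OBJECT.match(body)
        if obj:
            pending = (obj.group(1).upper(), obj.group(2))
            continue
        res = RESULT.match(body)
        if not res:
            continue  # separators, "Suspicious file ..." detail lines, etc.
        name = res.group("name")
        md5 = path = None
        # Service names may contain spaces, so the path is whatever follows
        # the name on the preceding hash line. Some services have no hash line.
        if pending and pending[1].startswith(name + " "):
            md5 = pending[0]
            path = pending[1][len(name):].strip() or None
        pending = None
        if res.group("status").lower() != "ok":
            findings.append(Finding(stamp, name, res.group("status"),
                                    res.group("verdict"), md5, path))
    return findings


# Constructed sample: names, paths and hashes are placeholders.
SAMPLE_LOG = r"""
20:15:36.0634 0400 ================ Scan services =============================
20:15:36.0741 0400 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\DRIVERS\exampledrv.sys
20:15:36.0741 0400 ExampleDrv - ok
20:15:37.0112 0400 [ 00000000000000000000000000000002 ] Example Net Service c:\program files\example\netsvc.dll
20:15:37.0112 0400 Suspicious file (Hidden): c:\program files\example\netsvc.dll. md5: 00000000000000000000000000000002
20:15:37.0119 0400 Example Net Service ( HiddenFile.Multi.Generic ) – warning
20:15:37.0119 0400 Example Net Service – detected HiddenFile.Multi.Generic (1)
20:15:37.0685 0400 Example Toolbar Service - ok
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.time, f.status, f.name, f.verdict, f.md5, f.path)
```

A "warning" result is a prompt to inspect the file, not proof of infection; the hash and path it reports are what to check next.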

    #99516

    The DeFogger log:
    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 19:57 on 26/09/2012 (Mateja)

    Checking for autostart values…
    HKCU~Run values retrieved.
    HKLM~Run values retrieved.

    Checking for services/drivers…
    Unable to read sptd.sys
    SPTD -> Disabled (Service running -> reboot required)

    -=E.O.F=-

    I uninstalled the AVG and rebooted the computer.

    I did not uninstall Norton as it was not installed. I think there might be some files pre-installed on the computer when I purchased it already. I did however delete two Norton folders I found in Program Data.

    I ran the TDSSKiller. It found one threat, but proposed to Skip it, so that is what I did. The log:
    20:13:48.0468 3936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:13:50.0470 3936 ============================================================
    20:13:50.0470 3936 Current date / time: 2012/09/26 20:13:50.0470
    20:13:50.0470 3936 SystemInfo:
    20:13:50.0470 3936
    20:13:50.0470 3936 OS Version: 6.1.7600 ServicePack: 0.0
    20:13:50.0470 3936 Product type: Workstation
    20:13:50.0470 3936 ComputerName: CRNI
    20:13:50.0470 3936 UserName: Mateja
    20:13:50.0470 3936 Windows directory: C:Windows
    20:13:50.0471 3936 System windows directory: C:Windows
    20:13:50.0471 3936 Processor architecture: Intel x86
    20:13:50.0471 3936 Number of processors: 4
    20:13:50.0471 3936 Page size: 0x1000
    20:13:50.0471 3936 Boot type: Normal boot
    20:13:50.0471 3936 ============================================================
    20:13:52.0715 3936 Drive DeviceHarddisk0DR0 – Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000050
    20:13:52.0716 3936 ============================================================
    20:13:52.0716 3936 DeviceHarddisk0DR0:
    20:13:52.0716 3936 MBR partitions:
    20:13:52.0716 3936 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
    20:13:52.0716 3936 DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA453C
    20:13:52.0716 3936 DeviceHarddisk0DR0Partition3: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x138B302
    20:13:52.0716 3936 ============================================================
    20:13:52.0734 3936 C: DeviceHarddisk0DR0Partition2
    20:13:52.0772 3936 Q: DeviceHarddisk0DR0Partition3
    20:13:52.0772 3936 ============================================================
    20:13:52.0772 3936 Initialize success
    20:13:52.0772 3936 ============================================================
    20:15:34.0406 0400 ============================================================
    20:15:34.0406 0400 Scan started
    20:15:34.0406 0400 Mode: Manual;
    20:15:34.0406 0400 ============================================================
    20:15:36.0634 0400 ================ Scan system memory ========================
    20:15:36.0634 0400 System memory – ok
    20:15:36.0635 0400 ================ Scan services =============================
    20:15:36.0741 0400 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:Windowssystem32DRIVERS1394ohci.sys
    20:15:36.0741 0400 1394ohci – ok
    20:15:36.0756 0400 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:Windowssystem32DRIVERSACPI.sys
    20:15:36.0772 0400 ACPI – ok
    20:15:36.0790 0400 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:Windowssystem32DRIVERSacpipmi.sys
    20:15:36.0792 0400 AcpiPmi – ok
    20:15:36.0808 0400 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:Windowssystem32DRIVERSadp94xx.sys
    20:15:36.0817 0400 adp94xx – ok
    20:15:36.0830 0400 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:Windowssystem32DRIVERSadpahci.sys
    20:15:36.0835 0400 adpahci – ok
    20:15:36.0847 0400 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:Windowssystem32DRIVERSadpu320.sys
    20:15:36.0850 0400 adpu320 – ok
    20:15:36.0868 0400 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:WindowsSystem32aelupsvc.dll
    20:15:36.0869 0400 AeLookupSvc – ok
    20:15:36.0905 0400 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:Windowssystem32driversafd.sys
    20:15:36.0910 0400 AFD – ok
    20:15:36.0929 0400 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:Windowssystem32DRIVERSagp440.sys
    20:15:36.0931 0400 agp440 – ok
    20:15:36.0946 0400 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:Windowssystem32DRIVERSdjsvs.sys
    20:15:36.0948 0400 aic78xx – ok
    20:15:37.0112 0400 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:program filescommon filesakamai/netsession_win_5891ae0.dll
    20:15:37.0112 0400 Suspicious file (Hidden): c:program filescommon filesakamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
    20:15:37.0119 0400 Akamai ( HiddenFile.Multi.Generic ) – warning
    20:15:37.0119 0400 Akamai – detected HiddenFile.Multi.Generic (1)
    20:15:37.0155 0400 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:WindowsSystem32alg.exe
    20:15:37.0157 0400 ALG – ok
    20:15:37.0181 0400 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:Windowssystem32DRIVERSaliide.sys
    20:15:37.0183 0400 aliide – ok
    20:15:37.0212 0400 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:Windowssystem32DRIVERSamdagp.sys
    20:15:37.0214 0400 amdagp – ok
    20:15:37.0225 0400 [ CD5914170297126B6266860198D1D4F0 ] amdide C:Windowssystem32DRIVERSamdide.sys
    20:15:37.0227 0400 amdide – ok
    20:15:37.0242 0400 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:Windowssystem32DRIVERSamdk8.sys
    20:15:37.0244 0400 AmdK8 – ok
    20:15:37.0256 0400 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:Windowssystem32DRIVERSamdppm.sys
    20:15:37.0258 0400 AmdPPM – ok
    20:15:37.0274 0400 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:Windowssystem32DRIVERSamdsata.sys
    20:15:37.0276 0400 amdsata – ok
    20:15:37.0290 0400 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:Windowssystem32DRIVERSamdsbs.sys
    20:15:37.0293 0400 amdsbs – ok
    20:15:37.0305 0400 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:Windowssystem32DRIVERSamdxata.sys
    20:15:37.0305 0400 amdxata – ok
    20:15:37.0312 0400 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:Windowssystem32driversappid.sys
    20:15:37.0314 0400 AppID – ok
    20:15:37.0335 0400 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:WindowsSystem32appidsvc.dll
    20:15:37.0336 0400 AppIDSvc – ok
    20:15:37.0346 0400 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:WindowsSystem32appinfo.dll
    20:15:37.0348 0400 Appinfo – ok
    20:15:37.0431 0400 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    20:15:37.0434 0400 Apple Mobile Device – ok
    20:15:37.0457 0400 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:WindowsSystem32appmgmts.dll
    20:15:37.0460 0400 AppMgmt – ok
    20:15:37.0479 0400 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:Windowssystem32DRIVERSarc.sys
    20:15:37.0482 0400 arc – ok
    20:15:37.0495 0400 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:Windowssystem32DRIVERSarcsas.sys
    20:15:37.0498 0400 arcsas – ok
    20:15:37.0507 0400 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:Windowssystem32DRIVERSasyncmac.sys
    20:15:37.0508 0400 AsyncMac – ok
    20:15:37.0523 0400 [ 338C86357871C167A96AB976519BF59E ] atapi C:Windowssystem32DRIVERSatapi.sys
    20:15:37.0523 0400 atapi – ok
    20:15:44.0253 0400 RTL8192su – ok
    20:15:44.0265 0400 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:Windowssystem32DRIVERSvms3cap.sys
    20:15:44.0267 0400 s3cap – ok
    20:15:44.0279 0400 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:Windowssystem32lsass.exe
    20:15:44.0281 0400 SamSs – ok
    20:15:44.0297 0400 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:Windowssystem32DRIVERSsbp2port.sys
    20:15:44.0300 0400 sbp2port – ok
    20:15:44.0323 0400 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:WindowsSystem32SCardSvr.dll
    20:15:44.0327 0400 SCardSvr – ok
    20:15:44.0339 0400 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:Windowssystem32DRIVERSscfilter.sys
    20:15:44.0340 0400 scfilter – ok
    20:15:44.0380 0400 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:Windowssystem32schedsvc.dll
    20:15:44.0392 0400 Schedule – ok
    20:15:44.0402 0400 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:WindowsSystem32certprop.dll
    20:15:44.0403 0400 SCPolicySvc – ok
    20:15:44.0423 0400 [ 7B48CFF3A475FE849DEA65EC4D35C425 ] sdbus C:Windowssystem32DRIVERSsdbus.sys
    20:15:44.0425 0400 sdbus – ok
    20:15:44.0441 0400 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:WindowsSystem32SDRSVC.dll
    20:15:44.0446 0400 SDRSVC – ok
    20:15:44.0468 0400 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:Windowssystem32driverssecdrv.sys
    20:15:44.0470 0400 secdrv – ok
    20:15:44.0484 0400 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:Windowssystem32seclogon.dll
    20:15:44.0488 0400 seclogon – ok
    20:15:44.0504 0400 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:WindowsSystem32sens.dll
    20:15:44.0508 0400 SENS – ok
    20:15:44.0513 0400 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:Windowssystem32sensrsvc.dll
    20:15:44.0516 0400 SensrSvc – ok
    20:15:44.0531 0400 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:Windowssystem32DRIVERSserenum.sys
    20:15:44.0532 0400 Serenum – ok
    20:15:44.0553 0400 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:Windowssystem32DRIVERSserial.sys
    20:15:44.0555 0400 Serial – ok
    20:15:44.0562 0400 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:Windowssystem32DRIVERSsermouse.sys
    20:15:44.0564 0400 sermouse – ok
    20:15:44.0624 0400 [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer C:Program FilesPC Connectivity SolutionServiceLayer.exe
    20:15:44.0634 0400 ServiceLayer – ok
    20:15:44.0655 0400 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:Windowssystem32sessenv.dll
    20:15:44.0659 0400 SessionEnv – ok
    20:15:44.0666 0400 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:Windowssystem32DRIVERSsffdisk.sys
    20:15:44.0668 0400 sffdisk – ok
    20:15:44.0676 0400 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:Windowssystem32DRIVERSsffp_mmc.sys
    20:15:44.0678 0400 sffp_mmc – ok
    20:15:44.0685 0400 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:Windowssystem32DRIVERSsffp_sd.sys
    20:15:44.0687 0400 sffp_sd – ok
    20:15:44.0691 0400 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:Windowssystem32DRIVERSsfloppy.sys
    20:15:44.0692 0400 sfloppy – ok
    20:15:44.0706 0400 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:WindowsSystem32ipnathlp.dll
    20:15:44.0710 0400 SharedAccess – ok
    20:15:44.0728 0400 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:WindowsSystem32shsvcs.dll
    20:15:44.0733 0400 ShellHWDetection – ok
    20:15:44.0749 0400 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:Windowssystem32DRIVERSsisagp.sys
    20:15:44.0751 0400 sisagp – ok
    20:15:44.0764 0400 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:Windowssystem32DRIVERSSiSRaid2.sys
    20:15:44.0766 0400 SiSRaid2 – ok
    20:15:44.0776 0400 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:Windowssystem32DRIVERSsisraid4.sys
    20:15:44.0778 0400 SiSRaid4 – ok
    20:15:44.0856 0400 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:Program FilesSkypeUpdaterUpdater.exe
    20:15:44.0859 0400 SkypeUpdate – ok
    20:15:44.0875 0400 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:Windowssystem32DRIVERSsmb.sys
    20:15:44.0878 0400 Smb – ok
    20:15:44.0902 0400 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:WindowsSystem32snmptrap.exe
    20:15:44.0905 0400 SNMPTRAP – ok
    20:15:44.0913 0400 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:Windowssystem32driversspldr.sys
    20:15:44.0914 0400 spldr – ok
    20:15:44.0957 0400 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:WindowsSystem32spoolsv.exe
    20:15:44.0963 0400 Spooler – ok
    20:15:45.0027 0400 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:Windowssystem32sppsvc.exe
    20:15:45.0082 0400 sppsvc – ok
    20:15:45.0107 0400 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:Windowssystem32sppuinotify.dll
    20:15:45.0110 0400 sppuinotify – ok
    20:15:45.0147 0400 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:WindowsSystem32Driverssptd.sys
    20:15:45.0157 0400 sptd – ok
    20:15:45.0183 0400 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
    20:15:45.0183 0400 SQLWriter – ok
    20:15:45.0235 0400 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:Windowssystem32DRIVERSsrv.sys
    20:15:45.0240 0400 srv – ok
    20:15:45.0253 0400 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:Windowssystem32DRIVERSsrv2.sys
    20:15:45.0257 0400 srv2 – ok
    20:15:45.0282 0400 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:Windowssystem32DRIVERSVSTAZL3.SYS
    20:15:45.0286 0400 SrvHsfHDA – ok
    20:15:45.0309 0400 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:Windowssystem32DRIVERSVSTDPV3.SYS
    20:15:45.0325 0400 SrvHsfV92 – ok
    20:15:45.0349 0400 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:Windowssystem32DRIVERSVSTCNXT3.SYS
    20:15:45.0359 0400 SrvHsfWinac – ok
    20:15:45.0389 0400 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:Windowssystem32DRIVERSsrvnet.sys
    20:15:45.0392 0400 srvnet – ok
    20:15:45.0409 0400 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:WindowsSystem32ssdpsrv.dll
    20:15:45.0414 0400 SSDPSRV – ok
    20:15:45.0424 0400 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:Windowssystem32sstpsvc.dll
    20:15:45.0428 0400 SstpSvc – ok
    20:15:45.0441 0400 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:Windowssystem32DRIVERSstexstor.sys
    20:15:45.0443 0400 stexstor – ok
    20:15:45.0467 0400 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:WindowsSystem32wiaservc.dll
    20:15:45.0474 0400 StiSvc – ok
    20:15:45.0493 0400 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:Windowssystem32DRIVERSvmstorfl.sys
    20:15:45.0494 0400 storflt – ok
    20:15:45.0501 0400 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:Windowssystem32storsvc.dll
    20:15:45.0504 0400 StorSvc – ok
    20:15:45.0517 0400 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:Windowssystem32DRIVERSstorvsc.sys
    20:15:45.0519 0400 storvsc – ok
    20:15:45.0565 0400 [ 6EA2F517373771CAC5188E82617C9C0B ] SUService C:Program FilesLenovoSystem UpdateSUService.exe
    20:15:45.0566 0400 SUService – ok
    20:15:45.0573 0400 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:Windowssystem32DRIVERSswenum.sys
    20:15:45.0574 0400 swenum – ok
    20:15:45.0588 0400 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:WindowsSystem32swprv.dll
    20:15:45.0594 0400 swprv – ok
    20:15:45.0625 0400 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:Windowssystem32sysmain.dll
    20:15:45.0651 0400 SysMain – ok
    20:15:45.0673 0400 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:WindowsSystem32TabSvc.dll
    20:15:45.0678 0400 TabletInputService – ok
    20:15:45.0689 0400 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:WindowsSystem32tapisrv.dll
    20:15:45.0695 0400 TapiSrv – ok
    20:15:45.0710 0400 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:WindowsSystem32tbssvc.dll
    20:15:45.0714 0400 TBS – ok
    20:15:45.0763 0400 [ 56C198AC82EFA622DD93E9E43575F79C ] Tcpip C:Windowssystem32driverstcpip.sys
    20:15:45.0789 0400 Tcpip – ok
    20:15:45.0830 0400 [ 56C198AC82EFA622DD93E9E43575F79C ] TCPIP6 C:Windowssystem32DRIVERStcpip.sys
    20:15:45.0841 0400 TCPIP6 – ok
    20:15:45.0865 0400 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:Windowssystem32driverstcpipreg.sys
    20:15:45.0867 0400 tcpipreg – ok
    20:15:45.0876 0400 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:Windowssystem32driverstdpipe.sys
    20:15:45.0877 0400 TDPIPE – ok
    20:15:45.0920 0400 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:Windowssystem32driverstdtcp.sys
    20:15:45.0922 0400 TDTCP – ok
    20:15:45.0934 0400 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:Windowssystem32DRIVERStdx.sys
    20:15:45.0936 0400 tdx – ok
    20:15:46.0019 0400 [ 0F0FEDEB1BEF118CF676B1E5BBB0FE9A ] TeamViewer6 C:Program FilesTeamViewerVersion6TeamViewer_Service.exe
    20:15:46.0038 0400 TeamViewer6 – ok
    20:15:46.0052 0400 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:Windowssystem32DRIVERStermdd.sys
    20:15:46.0053 0400 TermDD – ok
    20:15:46.0072 0400 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:WindowsSystem32termsrv.dll
    20:15:46.0080 0400 TermService – ok
    20:15:46.0087 0400 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:Windowssystem32themeservice.dll
    20:15:46.0090 0400 Themes – ok
    20:15:46.0146 0400 [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe
    20:15:46.0157 0400 ThinkVantage Registry Monitor Service – ok
    20:15:46.0168 0400 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:Windowssystem32mmcss.dll
    20:15:46.0169 0400 THREADORDER – ok
    20:15:46.0188 0400 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:Windowssystem32driverstpm.sys
    20:15:46.0189 0400 TPM – ok
    20:15:46.0195 0400 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:WindowsSystem32trkwks.dll
    20:15:46.0198 0400 TrkWks – ok
    20:15:46.0222 0400 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:WindowsservicingTrustedInstaller.exe
    20:15:46.0238 0400 TrustedInstaller – ok
    20:15:46.0238 0400 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:Windowssystem32DRIVERStssecsrv.sys
    20:15:46.0238 0400 tssecsrv – ok
    20:15:46.0253 0400 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:Windowssystem32DRIVERStunnel.sys
    20:15:46.0253 0400 tunnel – ok
    20:15:46.0315 0400 [ B56DA1AA776C15043D10F82B32AA000D ] TVT Backup Service C:Program FilesLenovoRescue and Recoveryrrservice.exe
    20:15:46.0341 0400 TVT Backup Service – ok
    20:15:46.0368 0400 [ 3078906E991F29305E8066911153717E ] TVTI2C C:Windowssystem32DRIVERSTvti2c.sys
    20:15:46.0369 0400 TVTI2C – ok
    20:15:46.0384 0400 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:Windowssystem32DRIVERSuagp35.sys
    20:15:46.0387 0400 uagp35 – ok
    20:15:46.0399 0400 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:Windowssystem32DRIVERSudfs.sys
    20:15:46.0403 0400 udfs – ok
    20:15:46.0421 0400 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:Windowssystem32UI0Detect.exe
    20:15:46.0423 0400 UI0Detect – ok
    20:15:46.0446 0400 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:Windowssystem32DRIVERSuliagpkx.sys
    20:15:46.0447 0400 uliagpkx – ok
    20:15:46.0454 0400 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:Windowssystem32DRIVERSumbus.sys
    20:15:46.0455 0400 umbus – ok
    20:15:46.0465 0400 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:Windowssystem32DRIVERSumpass.sys
    20:15:46.0467 0400 UmPass – ok
    20:15:46.0481 0400 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:WindowsSystem32umrdp.dll
    20:15:46.0485 0400 UmRdpService – ok
    20:15:46.0533 0400 [ 40C7C20D2D1798EEB68EEFD606C20689 ] UNS C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe
    20:15:46.0568 0400 UNS – ok
    20:15:46.0580 0400 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:WindowsSystem32upnphost.dll
    20:15:46.0584 0400 upnphost – ok
    20:15:46.0619 0400 [ E526A166E6ACAFD0A9B3841D3941669E ] upperdev C:Windowssystem32DRIVERSusbser_lowerflt.sys
    20:15:46.0621 0400 upperdev – ok
    20:15:46.0636 0400 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:Windowssystem32Driversusbaapl.sys
    20:15:46.0638 0400 USBAAPL – ok
    20:15:46.0665 0400 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:Windowssystem32driversusbaudio.sys
    20:15:46.0667 0400 usbaudio – ok
    20:15:46.0691 0400 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:Windowssystem32DRIVERSusbccgp.sys
    20:15:46.0693 0400 usbccgp – ok
    20:15:46.0712 0400 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:Windowssystem32DRIVERSusbcir.sys
    20:15:46.0714 0400 usbcir – ok
    20:15:46.0729 0400 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:Windowssystem32DRIVERSusbehci.sys
    20:15:46.0731 0400 usbehci – ok
    20:15:46.0741 0400 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:Windowssystem32DRIVERSusbhub.sys
    20:15:46.0745 0400 usbhub – ok
    20:15:46.0753 0400 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:Windowssystem32DRIVERSusbohci.sys
    20:15:46.0754 0400 usbohci – ok
    20:15:46.0772 0400 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:Windowssystem32DRIVERSusbprint.sys
    20:15:46.0773 0400 usbprint – ok
    20:15:46.0800 0400 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:Windowssystem32DRIVERSusbscan.sys
    20:15:46.0802 0400 usbscan – ok
    20:15:46.0842 0400 [ 88701ECA76145E2C011C0EEFF0F7B70E ] usbser C:Windowssystem32DRIVERSusbser.sys
    20:15:46.0844 0400 usbser – ok
    20:15:46.0861 0400 [ 6F3E3C6811B930D2414552A2E4A40F36 ] UsbserFilt C:Windowssystem32DRIVERSusbser_lowerfltj.sys
    20:15:46.0863 0400 UsbserFilt – ok
    20:15:46.0869 0400 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:Windowssystem32DRIVERSUSBSTOR.SYS
    20:15:46.0871 0400 USBSTOR – ok
    20:15:46.0881 0400 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:Windowssystem32DRIVERSusbuhci.sys
    20:15:46.0883 0400 usbuhci – ok
    20:15:46.0897 0400 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:Windowssystem32Driversusbvideo.sys
    20:15:46.0899 0400 usbvideo – ok
    20:15:46.0922 0400 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:WindowsSystem32uxsms.dll
    20:15:46.0925 0400 UxSms – ok
    20:15:46.0934 0400 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:Windowssystem32lsass.exe
    20:15:46.0936 0400 VaultSvc – ok
    20:15:46.0951 0400 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:Windowssystem32DRIVERSvdrvroot.sys
    20:15:46.0952 0400 vdrvroot – ok
    20:15:46.0964 0400 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:WindowsSystem32vds.exe
    20:15:46.0971 0400 vds – ok
    20:15:46.0984 0400 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:Windowssystem32DRIVERSvgapnp.sys
    20:15:46.0986 0400 vga – ok
    20:15:46.0994 0400 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:WindowsSystem32driversvga.sys
    20:15:46.0995 0400 VgaSave – ok
    20:15:47.0008 0400 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:Windowssystem32DRIVERSvhdmp.sys
    20:15:47.0011 0400 vhdmp – ok
    20:15:47.0036 0400 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:Windowssystem32DRIVERSviaagp.sys
    20:15:47.0039 0400 viaagp – ok
    20:15:47.0053 0400 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:Windowssystem32DRIVERSviac7.sys
    20:15:47.0055 0400 ViaC7 – ok
    20:15:47.0070 0400 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:Windowssystem32DRIVERSviaide.sys
    20:15:47.0071 0400 viaide – ok
    20:15:47.0080 0400 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:Windowssystem32DRIVERSvmbus.sys
    20:15:47.0084 0400 vmbus – ok
    20:15:47.0095 0400 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:Windowssystem32DRIVERSVMBusHID.sys
    20:15:47.0097 0400 VMBusHID – ok
    20:15:47.0109 0400 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:Windowssystem32DRIVERSvolmgr.sys
    20:15:47.0110 0400 volmgr – ok
    20:15:47.0117 0400 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:Windowssystem32driversvolmgrx.sys
    20:15:47.0120 0400 volmgrx – ok
    20:15:47.0126 0400 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:Windowssystem32DRIVERSvolsnap.sys
    20:15:47.0129 0400 volsnap – ok
    20:15:47.0147 0400 [ 33E74DF34753FCAAB06F6F2BDC8CABF5 ] vpcbus C:Windowssystem32DRIVERSvpchbus.sys
    20:15:47.0149 0400 vpcbus – ok
    20:15:47.0171 0400 [ 5F04362CEB5FB5901037E9D9EADD3760 ] vpcnfltr C:Windowssystem32DRIVERSvpcnfltr.sys
    20:15:47.0172 0400 vpcnfltr – ok
    20:15:47.0192 0400 [ 625088D6EE9EDE977FD03CF18D1CD5C5 ] vpcusb C:Windowssystem32DRIVERSvpcusb.sys
    20:15:47.0194 0400 vpcusb – ok
    20:15:47.0212 0400 [ B21E23C100D6D5162B95CF6F05B4E035 ] vpcvmm C:Windowssystem32driversvpcvmm.sys
    20:15:47.0215 0400 vpcvmm – ok
    20:15:47.0238 0400 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:Windowssystem32DRIVERSvsmraid.sys
    20:15:47.0241 0400 vsmraid – ok
    20:15:47.0277 0400 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:Windowssystem32vssvc.exe
    20:15:47.0277 0400 VSS – ok
    20:15:47.0292 0400 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:Windowssystem32DRIVERSvwifibus.sys
    20:15:47.0292 0400 vwifibus – ok
    20:15:47.0323 0400 [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt C:Windowssystem32DRIVERSvwififlt.sys
    20:15:47.0323 0400 VWiFiFlt – ok
    20:15:47.0340 0400 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:Windowssystem32DRIVERSvwifimp.sys
    20:15:47.0341 0400 vwifimp – ok
    20:15:47.0365 0400 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:Windowssystem32w32time.dll
    20:15:47.0370 0400 W32Time – ok
    20:15:47.0385 0400 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:Windowssystem32DRIVERSwacompen.sys
    20:15:47.0387 0400 WacomPen – ok
    20:15:47.0407 0400 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:Windowssystem32DRIVERSwanarp.sys
    20:15:47.0409 0400 WANARP – ok
    20:15:47.0412 0400 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:Windowssystem32DRIVERSwanarp.sys
    20:15:47.0413 0400 Wanarpv6 – ok
    20:15:47.0477 0400 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:Windowssystem32WatWatAdminSvc.exe
    20:15:47.0501 0400 WatAdminSvc – ok
    20:15:47.0536 0400 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:Windowssystem32wbengine.exe
    20:15:47.0562 0400 wbengine – ok
    20:15:47.0574 0400 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:WindowsSystem32wbiosrvc.dll
    20:15:47.0578 0400 WbioSrvc – ok
    20:15:47.0587 0400 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:WindowsSystem32wcncsvc.dll
    20:15:47.0592 0400 wcncsvc – ok
    20:15:47.0600 0400 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:WindowsSystem32WcsPlugInService.dll
    20:15:47.0603 0400 WcsPlugInService – ok
    20:15:47.0622 0400 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:Windowssystem32DRIVERSwd.sys
    20:15:47.0624 0400 Wd – ok
    20:15:47.0644 0400 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:Windowssystem32driversWdf01000.sys
    20:15:47.0649 0400 Wdf01000 – ok
    20:15:47.0663 0400 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:Windowssystem32wdi.dll
    20:15:47.0667 0400 WdiServiceHost – ok
    20:15:47.0670 0400 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:Windowssystem32wdi.dll
    20:15:47.0672 0400 WdiSystemHost – ok
    20:15:47.0686 0400 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:WindowsSystem32webclnt.dll
    20:15:47.0691 0400 WebClient – ok
    20:15:47.0697 0400 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:Windowssystem32wecsvc.dll
    20:15:47.0701 0400 Wecsvc – ok
    20:15:47.0705 0400 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:WindowsSystem32wercplsupport.dll
    20:15:47.0708 0400 wercplsupport – ok
    20:15:47.0723 0400 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:WindowsSystem32WerSvc.dll
    20:15:47.0726 0400 WerSvc – ok
    20:15:47.0743 0400 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:Windowssystem32DRIVERSwfplwf.sys
    20:15:47.0745 0400 WfpLwf – ok
    20:15:47.0752 0400 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:Windowssystem32driverswimmount.sys
    20:15:47.0753 0400 WIMMount – ok
    20:15:47.0808 0400 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:Program FilesWindows Defendermpsvc.dll
    20:15:47.0817 0400 WinDefend – ok
    20:15:47.0823 0400 WinHttpAutoProxySvc – ok
    20:15:47.0855 0400 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:Windowssystem32wbemWMIsvc.dll
    20:15:47.0858 0400 Winmgmt – ok
    20:15:47.0899 0400 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:Windowssystem32WsmSvc.dll
    20:15:47.0924 0400 WinRM – ok
    20:15:47.0978 0400 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:Windowssystem32DRIVERSWinUsb.sys
    20:15:47.0981 0400 WinUsb – ok
    20:15:48.0006 0400 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:WindowsSystem32wlansvc.dll
    20:15:48.0017 0400 Wlansvc – ok
    20:15:48.0037 0400 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:Windowssystem32DRIVERSwmiacpi.sys
    20:15:48.0038 0400 WmiAcpi – ok
    20:15:48.0052 0400 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:Windowssystem32wbemWmiApSrv.exe
    20:15:48.0054 0400 wmiApSrv – ok
    20:15:48.0100 0400 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:Program FilesWindows Media Playerwmpnetwk.exe
    20:15:48.0127 0400 WMPNetworkSvc – ok
    20:15:48.0132 0400 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:WindowsSystem32wpcsvc.dll
    20:15:48.0135 0400 WPCSvc – ok
    20:15:48.0148 0400 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:Windowssystem32wpdbusenum.dll
    20:15:48.0152 0400 WPDBusEnum – ok
    20:15:48.0171 0400 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:Windowssystem32driversws2ifsl.sys
    20:15:48.0173 0400 ws2ifsl – ok
    20:15:48.0183 0400 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:WindowsSystem32wscsvc.dll
    20:15:48.0186 0400 wscsvc – ok
    20:15:48.0190 0400 WSearch – ok
    20:15:48.0247 0400 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:Windowssystem32wuaueng.dll
    20:15:48.0281 0400 wuauserv – ok
    20:15:48.0295 0400 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:Windowssystem32driversWudfPf.sys
    20:15:48.0297 0400 WudfPf – ok
    20:15:48.0314 0400 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:Windowssystem32DRIVERSWUDFRd.sys
    20:15:48.0316 0400 WUDFRd – ok
    20:15:48.0321 0400 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:WindowsSystem32WUDFSvc.dll
    20:15:48.0324 0400 wudfsvc – ok
    20:15:48.0332 0400 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:WindowsSystem32wwansvc.dll
    20:15:48.0332 0400 WwanSvc – ok
    20:15:48.0348 0400 ================ Scan global ===============================
    20:15:48.0379 0400 [ 9A595DF601070DA78C40481120DD2C06 ] C:Windowssystem32basesrv.dll
    20:15:48.0411 0400 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:Windowssystem32winsrv.dll
    20:15:48.0421 0400 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:Windowssystem32winsrv.dll
    20:15:48.0444 0400 [ 364455805E64882844EE9ACB72522830 ] C:Windowssystem32sxssrv.dll
    20:15:48.0462 0400 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:Windowssystem32services.exe
    20:15:48.0467 0400 [Global] – ok
    20:15:48.0467 0400 ================ Scan MBR ==================================
    20:15:48.0478 0400 [ C3C1D61778E5FF92FA3C9EEFB5D5238C ] DeviceHarddisk0DR0
    20:15:48.0589 0400 DeviceHarddisk0DR0 – ok
    20:15:48.0590 0400 ================ Scan VBR ==================================
    20:15:48.0592 0400 [ CD8E851C16072BE46381D44FDA90A6C6 ] DeviceHarddisk0DR0Partition1
    20:15:48.0594 0400 DeviceHarddisk0DR0Partition1 – ok
    20:15:48.0617 0400 [ 57EFF0CFD5EC258F935C57EFD5D672B2 ] DeviceHarddisk0DR0Partition2
    20:15:48.0619 0400 DeviceHarddisk0DR0Partition2 – ok
    20:15:48.0646 0400 [ C0C976F124E439D3ECEE4F642A07DF5F ] DeviceHarddisk0DR0Partition3
    20:15:48.0649 0400 DeviceHarddisk0DR0Partition3 – ok
    20:15:48.0650 0400 ============================================================
    20:15:48.0650 0400 Scan finished
    20:15:48.0650 0400 ============================================================
    20:15:48.0661 3936 Detected object count: 1
    20:15:48.0661 3936 Actual detected object count: 1
    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) – skipped by user
    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) – User select action: Skip

    #99510

    Better to never delete folders/files until you are very sure the program is not still active – it may cripple things. We will deal with Norton as we go.

    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) – skipped by user
    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) – User select action: Skip

    Yes, that was a good choice you made. Let’s see what we have missed.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

    Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

    A caution – do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear – please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

    #99517

    The ComboFix log:
    – c:usersMatejaAppDataLocalGoogleUpdateGoogleUpdate.exe [2010-03-23 20:02]
    .
    2011-12-14 c:windowsTasksPCDoctorBackgroundMonitorTask.job
    – c:program filesPC-Doctorpcdlauncher.exe [2009-11-20 10:12]
    .
    2012-09-11 c:windowsTasksSystemToolsDailyTest.job
    – c:program filesPC-Doctorpcdr5cuiw32.exe [2010-02-18 00:15]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.google.si/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    IE: Append Link Target to Existing PDF – c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel – c:progra~1MICROS~1Office12EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF – ProfilePath – c:usersMatejaAppDataRoamingMozillaFirefoxProfilesrfmwrfe8.default
    FF – prefs.js: keyword.URL – hxxp://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q=
    .
    – – – – ORPHANS REMOVED – – – –
    .
    Toolbar-Locked – (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} – (no file)
    HKLM-Run-ROC_roc_dec12 – c:program filesAVG Secure SearchROC_roc_dec12.exe
    MSConfigStartUp-Acrobat Assistant 8 – c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe
    MSConfigStartUp-Adobe Acrobat Speed Launcher – c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe
    MSConfigStartUp-Adobe ARM – c:program filesCommon FilesAdobeARM1.0AdobeARM.exe
    MSConfigStartUp-AdobeCS4ServiceManager – c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe
    MSConfigStartUp-NeroFilterCheck – c:program filesCommon FilesAheadLibNeroCheck.exe
    MSConfigStartUp-Windows – c:usersPublicPublic DocumentsWindows Movie Playerplayers.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINESYSTEMControlSet001servicesAkamai]
    “ServiceDll”=”c:program filescommon filesakamai/netsession_win_5891ae0.dll”
    .
    ——————— LOCKED REGISTRY KEYS ———————
    .
    [HKEY_USERSS-1-5-21-1043056270-1798009061-3640862498-1004SoftwareSecuROMLicense information*]
    “datasecu”=hex:8b,66,1e,8b,ef,6d,d1,0c,f5,fa,fc,4b,77,21,f4,f6,46,cb,1f,c5,34,
    52,d5,ec,76,a8,4a,55,7c,7f,65,4e,2b,30,8d,d6,f0,2a,77,88,b7,d1,c7,b6,a6,6f,
    “rkeysecu”=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
    .
    [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    “BlindDial”=dword:00000000
    .
    [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
    @Denied: (Full) (Everyone)
    .
    ———————— Other Running Processes ————————
    .
    c:windowssystem32nvvsvc.exe
    c:windowssystem32nvvsvc.exe
    c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    c:program filesBonjourmDNSResponder.exe
    c:program filesIntelIntel(R) Management Engine ComponentsLMSLMS.exe
    c:program filesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
    c:windowsservicingTrustedInstaller.exe
    c:windowssystem32taskhost.exe
    c:windowssystem32conhost.exe
    c:windowsSystem32rundll32.exe
    c:program filesThinkPadUtilitiesSCHTASK.EXE
    c:windowssystem32WerFault.exe
    c:program filesCommon FilesLogishrdLQCVFXCOCIManager.exe
    c:program filesWindows Media Playerwmpnetwk.exe
    c:windowssystem32sppsvc.exe
    c:program filesLenovoSystem UpdateSUService.exe
    c:program filesCommon FilesLenovotvt_reg_monitor_svc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-27 18:22:05 – machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-27 16:22
    .
    Pre-Run: 198.429.941.760 bytes free
    Post-Run: 200.963.641.344 bytes free
    .
    – – End Of File – – F5EDE9EE867AE5CA5A073BDD86E6EFDF

    #99511

    Good so far.

    Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose “Run as administrator”. At the prompt copy/paste the following, pressing Enter after each:

    sc config "Lavasoft Kernexplorer" start= disabled

    You should get a confirmation of that change. Then type exit and press Enter to close the window. Then we can uninstall it later.

    ————

    Then go here and download and run the AVG uninstaller. Just select the 2011 uninstaller, which should remove any older versions as well. Make sure you have it uninstall everything – it tries to have users keep its search hijacker toolbar (which still shows here).

    ——-

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

    Download the latest version of Malwarebytes’ Anti-Malware from Here.

    Double Click mbam-setup-1.65.0.1400.exe to install the application.

    Follow all prompts, and check off all boxes except the one to load the Trial version. It just expires and causes confusion in a few weeks.

    * Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select “Perform quick scan”, then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ———-

    Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

    If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

    Remove found threats
    Scan unwanted applications

    Next to “Current scan targets: Operating memory, Local drives”, click the “Change” word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

    Then click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology

    Click Start. This scan may take a while, so please be patient.

    If infection is found, at the end of the scan click “List of found threats”.

    In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

    Post that log and the Malwarebytes log please.

    #99518

    “sc config “Lavasoft Kernexplorer” start= disabled” successfully executed

    avg uninstaller: i downloaded the 2013 version (there were 2012 and 2013 to choose from). however, it opened the command prompt and executed something there. it went fast and closed immediately after the execution. so, i could not choose anything to uninstall. the computer did notify right after that that i do not have any protection.

    Malwarebytes log:
    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.28.06

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Mateja :: CRNI [administrator]

    Protection: Enabled

    28.9.2012 17:55:53
    mbam-log-2012-09-28 (17-55-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194198
    Time elapsed: 2 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    The Eset programme did not find any infections, so I just had the option to finish it.

    #99512

    Difficult to keep up with what each change to uninstallers does. Post a new OTL scan log, and we can manually remove anything that remains. Also post back if there are any problems we still need to correct please.

    #99519

    OTL.txt:
    OTL logfile created on: 9/29/2012 10:46:13 AM – Run 5
    OTL by OldTimer – Version 3.2.59.1 Folder = C:UsersMatejaDesktopNova mapa
    Professional (Version = 6.1.7600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2.94 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 69.57% Memory free
    5.87 Gb Paging File | 4.86 Gb Available in Paging File | 82.74% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 454.82 Gb Total Space | 186.91 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS

    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

    ========== Processes (SafeList) ==========

    PRC – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe (Malwarebytes Corporation)
    PRC – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe (Malwarebytes Corporation)
    PRC – C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe (Malwarebytes Corporation)
    PRC – C:UsersMatejaDesktopNova mapaOTL.exe (OldTimer Tools)
    PRC – C:UsersMatejaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc.)
    PRC – C:Program FilesSkypeUpdaterUpdater.exe (Skype Technologies)
    PRC – C:Program FilesTeamViewerVersion6TeamViewer_Service.exe (TeamViewer GmbH)
    PRC – C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    PRC – C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (Intel Corporation)
    PRC – C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (Intel Corporation)
    PRC – C:Program FilesLenovoMouse Suiteico.exe (Primax Electronics Ltd.)
    PRC – C:Windowsexplorer.exe (Microsoft Corporation)
    PRC – C:Program FilesThinkPadUtilitiesSCHTASK.EXE (Lenovo Group Limited)
    PRC – C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE (Lenovo)
    PRC – C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe ()
    PRC – C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe ()
    PRC – C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe (Logitech Inc.)
    PRC – C:WindowsSystem32taskhost.exe (Microsoft Corporation)
    PRC – C:Program FilesLenovoMessage Center PlusMCPLaunch.exe ()
    PRC – C:Program FilesLenovoMouse SuiteFSRremoS.EXE ()

    ========== Modules (No Company Name) ==========

    MOD – C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    MOD – C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe ()
    MOD – C:Program FilesCommon FilesLogishrdLQCVFXCOCIManager.exe ()
    MOD – C:PROGRA~1ThinkPadUTILIT~1USPWMRT32V.DLL ()
    MOD – C:Program FilesLenovoMessage Center PlusMCPLaunch.exe ()
    MOD – C:Program FilesLenovoMouse SuiteFSRremoS.EXE ()

    ========== Services (SafeList) ==========

    SRV – (NMIndexingService) — C:Program FilesCommon FilesAheadLibNMIndexingService.exe File not found
    SRV – (MBAMService) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe (Malwarebytes Corporation)
    SRV – (MBAMScheduler) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe (Malwarebytes Corporation)
    SRV – (Akamai) — c:program filescommon filesakamai/netsession_win_5891ae0.dll ()
    SRV – (SkypeUpdate) — C:Program FilesSkypeUpdaterUpdater.exe (Skype Technologies)
    SRV – (TeamViewer6) — C:Program FilesTeamViewerVersion6TeamViewer_Service.exe (TeamViewer GmbH)
    SRV – (SUService) — C:Program FilesLenovoSystem UpdateSUService.exe (Lenovo Group Limited)
    SRV – (WatAdminSvc) — C:WindowsSystem32WatWatAdminSvc.exe (Microsoft Corporation)
    SRV – (ServiceLayer) — C:Program FilesPC Connectivity SolutionServiceLayer.exe (Nokia)
    SRV – (UNS) — C:Program FilesIntelIntel(R) Management Engine ComponentsUNSUNS.exe (Intel Corporation)
    SRV – (LMS) — C:Program FilesIntelIntel(R) Management Engine ComponentsLMSLMS.exe (Intel Corporation)
    SRV – (Power Manager DBC Service) — C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE (Lenovo)
    SRV – (LVPrcSrv) — C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe (Logitech Inc.)
    SRV – (ThinkVantage Registry Monitor Service) — C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe (Lenovo Group Limited)
    SRV – (LBTServ) — C:Program FilesCommon FileslogishrdBluetoothLBTServ.exe (Logitech, Inc.)
    SRV – (StorSvc) — C:WindowsSystem32StorSvc.dll (Microsoft Corporation)
    SRV – (SensrSvc) — C:WindowsSystem32sensrsvc.dll (Microsoft Corporation)
    SRV – (PeerDistSvc) — C:WindowsSystem32PeerDistSvc.dll (Microsoft Corporation)
    SRV – (WinDefend) — C:Program FilesWindows Defendermpsvc.dll (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV – (Lavasoft Kernexplorer) — C:Program FilesLavasoftAd-AwareKernExplorer.sys File not found
    DRV – (catchme) — C:UsersMatejaAppDataLocalTempcatchme.sys File not found
    DRV – (MBAMProtector) — C:WindowsSystem32driversmbam.sys (Malwarebytes Corporation)
    DRV – (UsbserFilt) — C:WindowsSystem32driversusbser_lowerfltj.sys (Nokia)
    DRV – (upperdev) — C:WindowsSystem32driversusbser_lowerflt.sys (Nokia)
    DRV – (nmwcdc) — C:WindowsSystem32driversccdcmbo.sys (Nokia)
    DRV – (nmwcd) — C:WindowsSystem32driversccdcmb.sys (Nokia)
    DRV – (nmwcdnsu) — C:WindowsSystem32driversnmwcdnsu.sys (Nokia)
    DRV – (nmwcdnsuc) — C:WindowsSystem32driversnmwcdnsuc.sys (Nokia)
    DRV – (RTL8192su) — C:WindowsSystem32driversRTL8192su.sys (Realtek Semiconductor Corporation )
    DRV – (sptd) — C:WindowsSystem32driverssptd.sys (Duplex Secure Ltd.)
    DRV – (vpcvmm) — C:WindowsSystem32driversvpcvmm.sys (Microsoft Corporation)
    DRV – (vpcbus) — C:WindowsSystem32driversvpchbus.sys (Microsoft Corporation)
    DRV – (vpcusb) — C:WindowsSystem32driversvpcusb.sys (Microsoft Corporation)
    DRV – (vpcnfltr) — C:WindowsSystem32driversvpcnfltr.sys (Microsoft Corporation)
    DRV – (pelusblf) — C:WindowsSystem32driversPELUSBLF.SYS (TPMX Electronics Ltd.)
    DRV – (pelmouse) — C:WindowsSystem32driversPELMOUSE.SYS (TPMX Electronics Ltd.)
    DRV – (LVPr2Mon) — C:WindowsSystem32driversLVPr2Mon.sys ()
    DRV – (TVTI2C) — C:WindowsSystem32driverstvti2c.sys (Lenovo (United States) Inc.)
    DRV – (e1kexpress) — C:WindowsSystem32driverse1k6232.sys (Intel Corporation)
    DRV – (nvlddmkm) — C:WindowsSystem32driversnvlddmkm.sys (NVIDIA Corporation)
    DRV – (HECI) — C:WindowsSystem32driversHECI.sys (Intel Corporation)
    DRV – (NVHDA) — C:WindowsSystem32driversnvhda32v.sys (NVIDIA Corporation)
    DRV – (vmbus) — C:WindowsSystem32driversvmbus.sys (Microsoft Corporation)
    DRV – (storflt) — C:WindowsSystem32driversvmstorfl.sys (Microsoft Corporation)
    DRV – (storvsc) — C:WindowsSystem32driversstorvsc.sys (Microsoft Corporation)
    DRV – (vwifimp) — C:WindowsSystem32driversvwifimp.sys (Microsoft Corporation)
    DRV – (WinUsb) — C:WindowsSystem32driverswinusb.sys (Microsoft Corporation)
    DRV – (s3cap) — C:WindowsSystem32driversvms3cap.sys (Microsoft Corporation)
    DRV – (VMBusHID) — C:WindowsSystem32driversVMBusHID.sys (Microsoft Corporation)
    DRV – (TPM) — C:WindowsSystem32driverstpm.sys (Microsoft Corporation)
    DRV – (netw5v32) — C:WindowsSystem32driversnetw5v32.sys (Intel Corporation)
    DRV – (psadd) — C:WindowsSystem32driverspsadd.sys (Lenovo (United States) Inc.)
    DRV – (LUsbFilt) — C:WindowsSystem32driversLUsbFilt.sys (Logitech, Inc.)
    DRV – (LMouFilt) — C:WindowsSystem32driversLMouFilt.Sys (Logitech, Inc.)
    DRV – (LHidFilt) — C:WindowsSystem32driversLHidFilt.Sys (Logitech, Inc.)
    DRV – (pccsmcfd) — C:WindowsSystem32driverspccsmcfd.sys (Nokia)
    DRV – (LVUSBSta) — C:WindowsSystem32driversLVUSBSta.sys (Logitech Inc.)
    DRV – (PID_PEPI) — C:WindowsSystem32driversLV302V32.SYS (Logitech Inc.)
    DRV – (LVRS) — C:WindowsSystem32driverslvrs.sys (Logitech Inc.)
    DRV – (pepifilter) — C:WindowsSystem32driverslv302af.sys (Logitech Inc.)
    DRV – (athrusb) — C:WindowsSystem32driversathrusb.sys (Atheros Communications, Inc.)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE – HKLM..SearchScopes,DefaultScope = {B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}
    IE – HKLM..SearchScopes{B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}: “URL” = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.si/
    IE – HKCU..SearchScopes,DefaultScope = {1291DCB8-B322-4588-93A8-7892589628F4}
    IE – HKCU..SearchScopes{1291DCB8-B322-4588-93A8-7892589628F4}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE – HKCU..SearchScopes{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = http://isearch.avg.com/search?cid={41D2705F-F133-416F-B5C8-039E30057B76}&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&lang=us&ds=AVG&pr=fr&d=2011-12-08 11:24:48&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
    IE – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyOverride” = *.local;127.0.0.1:9421;

    ========== FireFox ==========

    FF – prefs.js..browser.search.defaultenginename: “AVG Secure Search”
    FF – prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF – prefs.js..extensions.enabledItems: {12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}:2.0.54.0
    FF – prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF – prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF – prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.12
    FF – prefs.js..keyword.URL: “http://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q=”
    FF – user.js – File not found

    FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF32.dll ()
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
    FF – HKLMSoftwareMozillaPlugins@garmin.com/GpsControl: C:Program FilesGarmin GPS PluginnpGarmin.dll (GARMIN Corp.)
    FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
    FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.1.10111.0npctrl.dll ( Microsoft Corporation)
    FF – HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:UsersMatejaAppDataLocalGoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.)
    FF – HKCUSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:UsersMatejaAppDataLocalGoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.)

    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:Program FilesNokiaNokia Ovi SuiteConnectorsBookmarks ConnectorFirefoxExtension [2011/02/11 15:06:39 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.25extensions\Components: C:Program FilesMozilla Firefoxcomponents [2012/02/19 14:05:29 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 3.6.25extensions\Plugins: C:Program FilesMozilla Firefoxplugins [2012/02/19 14:05:29 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaThunderbirdExtensions\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:Program FilesNokiaNokia Ovi SuiteConnectorsThunderbird ConnectorThunderbirdExtension [2011/02/11 15:06:39 | 000,000,000 | —D | M]

    [2010/06/23 14:47:56 | 000,000,000 | —D | M] (No name found) — C:UsersMatejaAppDataRoamingmozillaExtensions
    [2012/01/22 21:37:00 | 000,000,000 | —D | M] (No name found) — C:UsersMatejaAppDataRoamingmozillaFirefoxProfilesrfmwrfe8.defaultextensions
    [2011/02/15 12:32:31 | 000,000,000 | —D | M] (Hermes SoftLab DigSigSDK) — C:UsersMatejaAppDataRoamingmozillaFirefoxProfilesrfmwrfe8.defaultextensions{12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}
    [2011/11/24 20:07:29 | 000,000,000 | —D | M] (No name found) — C:Program Filesmozilla firefoxextensions
    [2012/03/09 21:30:19 | 000,000,000 | —D | M] (Skype Click to Call) — C:Program Filesmozilla firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/24 20:07:29 | 000,000,000 | —D | M] (Java Console) — C:Program Filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/02/11 15:06:39 | 000,000,000 | —D | M] (Firefox Synchronisation Extension) — C:PROGRAM FILESNOKIANOKIA OVI SUITECONNECTORSBOOKMARKS CONNECTORFIREFOXEXTENSION
    File not found (No name found) — C:PROGRAMDATAAVG SECURE SEARCH11.1.0.12
    [2011/10/03 06:06:04 | 000,476,904 | —- | M] (Sun Microsystems, Inc.) — C:Program Filesmozilla firefoxpluginsnpdeployJava1.dll
    [2011/10/26 20:49:56 | 000,012,800 | —- | M] (Nullsoft, Inc.) — C:Program Filesmozilla firefoxpluginsnpwachk.dll
    [2012/07/12 19:32:37 | 000,003,767 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsavg-secure-search.xml
    [2012/02/19 14:05:27 | 000,010,799 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsceneji.xml
    [2012/02/19 14:05:27 | 000,003,584 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginsodpiralni.xml
    [2012/02/19 14:05:27 | 000,006,155 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginstwitter.xml
    [2012/02/19 14:05:27 | 000,001,328 | —- | M] () — C:Program Filesmozilla firefoxsearchpluginswikipedia-sl.xml

    O1 HOSTS File: ([2012/09/27 18:19:12 | 000,000,027 | —- | M]) – C:WindowsSystem32driversetchosts
    O1 – Hosts: 127.0.0.1 localhost
    O2 – BHO: (Skype Browser Helper) – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O3 – HKCU..ToolbarWebBrowser: (no name) – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – No CLSID value found.
    O4 – HKLM..Run: [AutoEJCD_0ACE20FF] C:Program FilesAutoInstallZD1211B_Auto_Install_CD_Only_Gen_0ACE20FFAutoEJCD.EXE ()
    O4 – HKLM..Run: [IMSS] C:Program FilesIntelIntel(R) Management Engine ComponentsIMSSPIconStartup.exe ()
    O4 – HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.)
    O4 – HKLM..Run: [LogitechQuickCamRibbon] C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe ()
    O4 – HKLM..Run: [Message Center Plus] C:Program FilesLENOVOMessage Center PlusMCPLaunch.exe ()
    O4 – HKLM..Run: [Mouse Suite 98 Daemon] C:Program FilesLenovoMouse SuiteICO.EXE (Primax Electronics Ltd.)
    O4 – HKLM..Run: [Power Manager Power Agenda] C:PROGRA~1ThinkPadUTILIT~1DPMHost.exe ()
    O4 – HKLM..Run: [PWMTRV] rundll32 C:PROGRA~1ThinkPadUTILIT~1PWMTR32V.DLL,PwrMgrBkGndMonitor File not found
    O4 – HKCU..Run: [Akamai NetSession Interface] C:UsersMatejaAppDataLocalAkamainetsession_win.exe (Akamai Technologies, Inc.)
    O4 – HKLM..RunOnce: [AvgUninstallURL] C:WindowsSystem32cmd.exe (Microsoft Corporation)
    O6 – HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
    O7 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
    O7 – HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O7 – HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
    O8 – Extra context menu item: Append Link Target to Existing PDF – res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000 File not found
    O9 – Extra Button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O9 – Extra ‘Tools’ menuitem : Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O10 – NameSpace_Catalog5Catalog_Entries00000000008 [] – C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
    O16 – DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 – DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{14A0D4F0-850B-487A-B7B4-8E93FD231341}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{855473E8-93B9-43B6-9FAC-A0960DFCD68C}: DhcpNameServer = 195.34.133.21 195.34.133.22
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 – ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL (Skype Technologies)
    O18 – ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} – C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
    O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:Windowsexplorer.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (C:Windowssystem32userinit.exe) – C:WindowsSystem32userinit.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: VMApplet – (SystemPropertiesPerformance.exe) – C:WindowsSystem32SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: VMApplet – (/pagefile) – File not found
    O20 – WinlogonNotifyLBTWlgn: DllName – (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) – c:program filescommon fileslogishrdbluetoothLBTWlgn.dll (Logitech, Inc.)
    O32 – HKLM CDRom: AutoRun – 1
    O32 – AutoRun File – [2009/06/10 23:42:20 | 000,000,024 | —- | M] () – C:autoexec.bat — [ NTFS ]
    O34 – HKLM BootExecute: (autocheck autochk *)
    O35 – HKLM..comfile [open] — “%1” %*
    O35 – HKLM..exefile [open] — “%1” %*
    O37 – HKLM…com [@ = ComFile] — “%1” %*
    O37 – HKLM…exe [@ = exefile] — “%1” %*
    O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 – SubSystems\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders – Created Within 60 Days ==========

    [2012/09/29 10:45:11 | 000,000,000 | —D | C] — C:UsersMatejaDesktopNova mapa
    [2012/09/28 16:17:05 | 000,000,000 | —D | C] — C:Program FilesESET
    [2012/09/28 16:06:25 | 000,000,000 | —D | C] — C:UsersMatejaAppDataRoamingMalwarebytes
    [2012/09/28 16:05:25 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes’ Anti-Malware
    [2012/09/28 16:05:24 | 000,022,856 | —- | C] (Malwarebytes Corporation) — C:WindowsSystem32driversmbam.sys
    [2012/09/28 16:05:24 | 000,000,000 | —D | C] — C:Program FilesMalwarebytes’ Anti-Malware
    [2012/09/28 16:05:24 | 000,000,000 | —D | C] — C:ProgramDataMalwarebytes
    [2012/09/27 18:19:15 | 000,000,000 | —D | C] — C:$RECYCLE.BIN
    [2012/09/27 18:17:27 | 000,000,000 | —D | C] — C:UsersMatejaAppDataLocaltemp
    [2012/09/27 18:17:26 | 000,000,000 | —D | C] — C:Windowstemp
    [2012/09/27 18:11:24 | 000,518,144 | —- | C] (SteelWerX) — C:WindowsSWREG.exe
    [2012/09/27 18:11:24 | 000,406,528 | —- | C] (SteelWerX) — C:WindowsSWSC.exe
    [2012/09/27 18:11:24 | 000,060,416 | —- | C] (NirSoft) — C:WindowsNIRCMD.exe
    [2012/09/27 18:11:20 | 000,000,000 | —D | C] — C:ComboFix
    [2012/09/27 18:11:18 | 000,000,000 | —D | C] — C:Qoobox
    [2012/09/27 18:11:05 | 000,000,000 | —D | C] — C:Windowserdnt
    [2012/09/26 20:04:12 | 000,000,000 | —D | C] — C:Config.Msi
    [2012/09/06 20:31:53 | 000,000,000 | —D | C] — C:UsersMatejaAppDataLocalLogiShrd
    [2012/08/29 13:44:23 | 000,000,000 | —D | C] — C:_SMA

    ========== Files – Modified Within 60 Days ==========

    [2012/09/29 10:44:43 | 000,067,584 | –S- | M] () — C:Windowsbootstat.dat
    [2012/09/29 10:44:37 | 2364,297,216 | -HS- | M] () — C:hiberfil.sys
    [2012/09/29 00:58:58 | 000,016,976 | -H– | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/29 00:58:58 | 000,016,976 | -H– | M] () — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/29 00:58:51 | 000,607,530 | —- | M] () — C:WindowsSystem32perfh009.dat
    [2012/09/29 00:58:51 | 000,103,908 | —- | M] () — C:WindowsSystem32perfc009.dat
    [2012/09/28 17:38:00 | 000,001,070 | —- | M] () — C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004UA.job
    [2012/09/27 18:19:12 | 000,000,027 | —- | M] () — C:WindowsSystem32driversetchosts
    [2012/09/26 19:58:11 | 000,000,020 | —- | M] () — C:UsersMatejadefogger_reenable
    [2012/09/25 18:38:00 | 000,001,018 | —- | M] () — C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004Core.job
    [2012/09/11 22:00:00 | 000,000,340 | —- | M] () — C:WindowstasksSystemToolsDailyTest.job
    [2012/09/11 18:13:24 | 002,329,896 | —- | M] () — C:WindowsSystem32FNTCACHE.DAT
    [2012/09/07 17:04:46 | 000,022,856 | —- | M] (Malwarebytes Corporation) — C:WindowsSystem32driversmbam.sys
    [2012/08/18 18:09:28 | 000,002,020 | —- | M] () — C:UsersMatejaDesktopMouse and Keyboard Settings.lnk

    ========== Files Created – No Company Name ==========

    [2012/09/27 18:11:24 | 000,256,000 | —- | C] () — C:WindowsPEV.exe
    [2012/09/27 18:11:24 | 000,208,896 | —- | C] () — C:WindowsMBR.exe
    [2012/09/27 18:11:24 | 000,098,816 | —- | C] () — C:Windowssed.exe
    [2012/09/27 18:11:24 | 000,080,412 | —- | C] () — C:Windowsgrep.exe
    [2012/09/27 18:11:24 | 000,068,096 | —- | C] () — C:Windowszip.exe
    [2012/09/26 19:57:59 | 000,000,020 | —- | C] () — C:UsersMatejadefogger_reenable
    [2012/08/18 18:09:28 | 000,002,020 | —- | C] () — C:UsersMatejaDesktopMouse and Keyboard Settings.lnk
    [2012/05/27 14:16:00 | 000,001,087 | —- | C] () — C:UsersMatejaSlike – Bližnjica.lnk
    [2012/04/17 23:37:33 | 000,684,513 | —- | C] () — C:UsersMatejaPhoto0068.jpg
    [2012/04/17 23:37:33 | 000,660,236 | —- | C] () — C:UsersMatejaPhoto0069.jpg
    [2011/02/15 12:29:40 | 000,004,387 | —- | C] () — C:UsersMatejaVarnostna_kop_cert.p12
    [2010/04/18 13:03:32 | 000,022,328 | —- | C] () — C:UsersMatejaAppDataRoamingPnkBstrK.sys

    Extras.txt:
    OTL Extras logfile created on: 9/29/2012 10:46:13 AM – Run 5
    OTL by OldTimer – Version 3.2.59.1 Folder = C:UsersMatejaDesktopNova mapa
    Professional (Version = 6.1.7600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2.94 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 69.57% Memory free
    5.87 Gb Paging File | 4.86 Gb Available in Paging File | 82.74% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files
    Drive C: | 454.82 Gb Total Space | 186.91 Gb Free Space | 41.10% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS

    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — C:WindowsSystem32control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] — C:Windowswinhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — “%1” %*
    cmdfile [open] — “%1” %*
    comfile [open] — “%1” %*
    cplfile [cplopen] — %SystemRoot%System32control.exe “%1”,%* (Microsoft Corporation)
    exefile [open] — “%1” %*
    helpfile [open] — Reg Error: Key error.
    hlpfile [open] — %SystemRoot%winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] — Reg Error: Key error.
    piffile [open] — “%1” %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — “%1”
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] — “%1” /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –playlist-enqueue “%1” ()
    Directory [cmd] — cmd.exe /s /k pushd “%V” (Microsoft Corporation)
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] — “C:Program FilesVideoLANVLCvlc.exe” –started-from-file –no-playlist-enqueue “%1” ()
    Directory [Winamp.Bookmark] — “C:Program FilesWinampwinamp.exe” /BOOKMARK “%1” (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] — “C:Program FilesWinampwinamp.exe” /ADD “%1” (Nullsoft, Inc.)
    Directory [Winamp.Play] — “C:Program FilesWinampwinamp.exe” “%1” (Nullsoft, Inc.)
    Folder [open] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Folder [explore] — Reg Error: Value error.
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    “cval” = 1
    “FirewallDisableNotify” = 0
    “AntiVirusDisableNotify” = 0
    “UpdatesDisableNotify” = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
    “VistaSp1” = Reg Error: Unknown registry data type — File not found
    “AntiVirusOverride” = 0
    “AntiSpywareOverride” = 0
    “FirewallOverride” = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
    “DisableSR” = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

    [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
    “DisableNotifications” = 0
    “EnableFirewall” = 1

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
    “DisableNotifications” = 0
    “EnableFirewall” = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
    “DisableNotifications” = 0
    “EnableFirewall” = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{333EAEED-38CC-473F-A57C-5B5A63B00248}” = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |
    “{468130D8-6C36-4842-ACDD-B2064F61DC93}” = rport=137 | protocol=17 | dir=out | app=system |
    “{729B445F-3EB6-4CA5-AC8A-EDAF2AE5E2EE}” = rport=139 | protocol=6 | dir=out | app=system |
    “{952806DA-FCF8-44E5-A5C8-7518336657F0}” = lport=137 | protocol=17 | dir=in | app=system |
    “{BEF6D7B7-AC76-4E7E-B464-DFC02E998D2A}” = rport=445 | protocol=6 | dir=out | app=system |
    “{C364EBB0-7EC6-4F64-B834-7F05E4264250}” = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    “{C4EBB297-479B-4D8E-947A-7EB25B48132D}” = rport=138 | protocol=17 | dir=out | app=system |
    “{DDC074D6-27AD-452F-9EC5-1F64C61841D2}” = lport=445 | protocol=6 | dir=in | app=system |
    “{E0613A1A-CFAC-4A88-81F9-016C3B1CC1E6}” = lport=138 | protocol=17 | dir=in | app=system |
    “{E4953274-9106-488C-93A1-FF7F5DB70909}” = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |
    “{F609C9EB-CB6F-4F6A-AA11-CAD9FF014D47}” = lport=139 | protocol=6 | dir=in | app=system |
    “{FA17BC34-E1A2-444C-A651-2A12385360E6}” = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
    “{01C15D8F-7291-473D-AEDF-9CAE42484533}” = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    “{02D4E20D-345F-4EA4-B4D8-6164DDB5569D}” = protocol=17 | dir=in | app=c:program filesavgavg10avgnsx.exe |
    “{09B78E16-4437-4439-97C7-FCBF262DFD3C}” = protocol=17 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{0DA1F044-7397-4147-8B7C-D8325E5B7314}” = dir=in | app=c:program filesskypephoneskype.exe |
    “{116C8602-268A-4F5B-98BC-C2540A1C9DD9}” = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |
    “{1A4E2860-8948-4F3F-B4B1-0399ACA51F25}” = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
    “{3789B5C3-54F3-4C74-A35F-49B3BC968AD1}” = dir=in | app=c:program filesnokianokia ovi suitenokiaovisuite.exe |
    “{39C70184-59E7-454A-B5DE-6054234B7D42}” = protocol=17 | dir=in | app=c:program fileselectronic artsbattlefield bad company 2bfbc2updater.exe |
    “{43E8376A-5738-4A36-8998-1E91D2AD8795}” = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    “{460C10B2-D3AC-4287-A9ED-670B95B5BF1F}” = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    “{474D98FA-344E-4EE5-9605-893F0AF29287}” = protocol=6 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{4F3C5C4A-755A-43C4-B9CD-B4ED7D9519B9}” = protocol=6 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{5C4216F5-14F9-4DF8-88DE-C5FBE0F9097F}” = protocol=17 | dir=in | app=c:windowssystem32pnkbstra.exe |
    “{6C3B04F5-E882-46A7-8CCF-6E762263BC99}” = protocol=6 | dir=in | app=c:program fileselectronic artsbattlefield bad company 2bfbc2updater.exe |
    “{6DE9BA40-20E9-4DDA-84E4-C4ABF3C4E797}” = protocol=6 | dir=in | app=c:windowssystem32pnkbstrb.exe |
    “{7DB2EC20-722B-4749-8924-0BBAD40AFBEE}” = protocol=6 | dir=in | app=c:program fileslenovosystem updateuncserver.exe |
    “{83294C1F-F4BA-41B9-8C5C-FEABB7C54CF0}” = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{85B776EB-E0E5-463C-A0AE-5109506F4E98}” = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{8E64FB90-6578-44F4-AE8A-9FB639118C41}” = protocol=6 | dir=in | app=c:program filesavgavg10avgnsx.exe |
    “{99CD7EDC-1DB8-4EE1-A038-81CD0998ABE6}” = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    “{A1B9E271-F9E9-45DF-B0EC-429EF6DD58DB}” = protocol=17 | dir=in | app=c:usersmatejaappdatalocalakamainetsession_win.exe |
    “{A202F250-6270-4DDD-B25D-B84C5503BECB}” = protocol=6 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{A7FBB667-5619-469C-8BA2-B64C7C2AD6EA}” = protocol=6 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{B2449CAD-522A-4A0F-ACAA-323E1752A32B}” = protocol=6 | dir=in | app=c:program filesteamviewerversion6teamviewer.exe |
    “{B2B57C50-0A69-4F99-A21D-1924841651FA}” = protocol=6 | dir=in | app=c:usersmatejaappdatalocalakamainetsession_win.exe |
    “{B2E2EB96-B023-4457-864B-913EC8292A5E}” = protocol=17 | dir=in | app=c:program filesavgavg10avgemcx.exe |
    “{B60E7015-6035-41CB-9665-43B78E051361}” = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe |
    “{B94FC9E9-DD07-4824-86CF-9D2907A7B81D}” = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |
    “{BEC04389-443D-4A26-AFB8-3D597A398547}” = dir=in | app=c:program filesitunesitunes.exe |
    “{D2ADEE22-0271-47E0-982D-B5C4BC27043A}” = protocol=17 | dir=in | app=c:windowssystem32pnkbstrb.exe |
    “{E473A1EA-837E-47BE-A6FA-F3B319E04957}” = protocol=17 | dir=in | app=c:program filesteamviewerversion6teamviewer.exe |
    “{EBF4781E-CCE6-4375-A56F-FA0591398C39}” = protocol=17 | dir=in | app=c:program filesteamviewerversion6teamviewer_service.exe |
    “{EE7531C5-0C6C-41FB-9B70-A4B18E9BEE6F}” = protocol=6 | dir=in | app=c:program filesteamviewerversion6teamviewer_service.exe |
    “{F26FBF49-6DF7-452F-92A0-429897669D58}” = protocol=17 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{F522D64D-0BBF-492D-A0C9-F32271967452}” = protocol=17 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{F81765D4-79D1-4969-8B95-E011D5447931}” = protocol=6 | dir=in | app=c:program filesbonjourmdnsresponder.exe |
    “{F87EA6FC-06F4-4C4B-A507-FCFF3C4EDA82}” = protocol=17 | dir=in | app=c:program fileslenovosystem updateuncserver.exe |
    “{F8995668-FC4A-4DFD-8D82-E2CF77CD5FE3}” = protocol=17 | dir=in | app=c:program filesavgavg10avgmfapx.exe |
    “{F89EC113-B7F6-41B5-AA80-03F009FD6772}” = dir=in | app=c:program filesnokianokia ovi suitenokiaovisuite.exe |
    “{F9AA3E56-CE23-480B-B227-81BE32FD52F8}” = protocol=6 | dir=in | app=c:windowssystem32pnkbstra.exe |
    “{FB6D86DB-8F39-4EC7-A803-B4AE443DA77B}” = dir=in | app=c:program filescommon filesnokiaservice layeransl_host_process.exe |
    “TCP Query User{0B639AAC-FE1F-4986-8278-4851FA172F8A}C:program filesutorrentutorrent.exe” = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe |
    “TCP Query User{32DD3A1F-4271-4AD7-B554-A2762B2D757E}C:program filesvideolanvlcvlc.exe” = protocol=6 | dir=in | app=c:program filesvideolanvlcvlc.exe |
    “TCP Query User{3F26A60B-5937-490F-95B8-A0C26A24A4DD}C:program fileslogitechlogitech vidvid.exe” = protocol=6 | dir=in | app=c:program fileslogitechlogitech vidvid.exe |
    “TCP Query User{491F48F6-F213-40C5-9DD1-D8A1EF9625BF}C:program filesutorrentutorrent.exe” = protocol=6 | dir=in | app=c:program filesutorrentutorrent.exe |
    “TCP Query User{6C79178B-EA0F-49E4-B087-95A542473162}C:usersmatejaappdatalocalgooglechromeapplicationchrome.exe” = protocol=6 | dir=in | app=c:usersmatejaappdatalocalgooglechromeapplicationchrome.exe |
    “TCP Query User{790CCC12-83C4-426A-B7BF-C77C8DACE412}C:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe” = protocol=6 | dir=in | app=c:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe |
    “TCP Query User{8F6BDDF7-4C5E-4331-9E02-F5E4E6748CE8}C:program fileswinampwinamp.exe” = protocol=6 | dir=in | app=c:program fileswinampwinamp.exe |
    “TCP Query User{9B5FA1D7-5532-4D80-B809-D3D8A790538B}C:program filesinternet exploreriexplore.exe” = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “TCP Query User{AEB29DD1-8738-4328-8A02-819537CF45F1}C:program filesinternet exploreriexplore.exe” = protocol=6 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “TCP Query User{C4A004AF-2D55-4F70-92A1-F3480067C9B0}C:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe” = protocol=6 | dir=in | app=c:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe |
    “UDP Query User{04A71F5E-3B46-415E-B26D-2F6C1C29DB89}C:program filesvideolanvlcvlc.exe” = protocol=17 | dir=in | app=c:program filesvideolanvlcvlc.exe |
    “UDP Query User{1F7B3CCD-AA99-4545-A6E4-FEE579307379}C:program filesinternet exploreriexplore.exe” = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “UDP Query User{3A2074F5-048A-4BDB-A771-9508CF14BEE2}C:program filesutorrentutorrent.exe” = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe |
    “UDP Query User{691FDBDB-128A-4DF9-8D83-FB33427CDBAE}C:usersmatejaappdatalocalgooglechromeapplicationchrome.exe” = protocol=17 | dir=in | app=c:usersmatejaappdatalocalgooglechromeapplicationchrome.exe |
    “UDP Query User{A47ECA15-934D-45DD-9237-08C1B3FD975C}C:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe” = protocol=17 | dir=in | app=c:usersmatejaappdataroamingmacromediaflash playerwww.macromedia.combinoctoshapeoctoshape.exe |
    “UDP Query User{B497EBB0-64AD-450B-B541-A9160047C807}C:program fileswinampwinamp.exe” = protocol=17 | dir=in | app=c:program fileswinampwinamp.exe |
    “UDP Query User{C3B60592-6A88-4B79-AF35-022CBE0AB7D5}C:program filesutorrentutorrent.exe” = protocol=17 | dir=in | app=c:program filesutorrentutorrent.exe |
    “UDP Query User{F0AD559E-664B-4F52-BD6A-C09FFAF23971}C:program filesinternet exploreriexplore.exe” = protocol=17 | dir=in | app=c:program filesinternet exploreriexplore.exe |
    “UDP Query User{F1DF7A87-5245-4BB3-9F38-D00A98D4E815}C:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe” = protocol=17 | dir=in | app=c:usersmatejadownloadscod1call of duty 1call of dutycall of duty 1codmp.exe |
    “UDP Query User{FD12BF5F-5B23-407B-93D5-21FA4BD994F6}C:program fileslogitechlogitech vidvid.exe” = protocol=17 | dir=in | app=c:program fileslogitechlogitech vidvid.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “{08600005-5228-4BF6-845E-E9A957AFDCB4}” = OviMPlatform
    “{0C826C5B-B131-423A-A229-C71B3CACCD6A}” = CDDRV_Installer
    “{1C9FE8CC-2578-41E6-AB28-3B927B055224}” = Windows Live – Pomocnik za vpis
    “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148
    “{25C64847-B900-48AD-A164-1B4F9B774650}” = System Update
    “{26A24AE4-039D-4CA4-87B4-2F83216017FF}” = Java(TM) 6 Update 29
    “{28191B83-1D60-44B6-9B08-E854EF6632D5}” = Ovi Desktop Sync Engine
    “{3101CB58-3482-4D21-AF1A-7057FC935355}” = KhalInstallWrapper
    “{3553E875-F00E-4031-BDEC-75FB1DFEB093}” = Nokia Ovi Suite Software Updater
    “{3FC42713-B6E7-49AA-A553-A224FE9828A8}” = Nokia Ovi Suite
    “{4216D328-0FE8-48B8-85B8-BD300E6F080F}” = Nokia Connectivity Cable Driver
    “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
    “{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}” = Create Recovery Media
    “{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}” = Microsoft SQL Server Setup Support Files (English)
    “{549CE1BD-88E4-4C5E-BF75-B155624714CC}” = Belkin USB Wireless Adaptor
    “{56B4002F-671C-49F4-984C-C760FE3806B5}” = Microsoft SQL Server VSS Writer
    “{56C049BE-79E9-4502-BEA7-9754A3E60F9B}” = neroxml
    “{57752979-A1C9-4C02-856B-FBB27AC4E02C}” = QuickTime
    “{5DB65884-C963-4454-AABA-4CA3089281FA}” = NVIDIA PhysX
    “{65153EA5-8B6E-43B6-857B-C6E4FC25798A}” = Intel(R) Management Engine Components
    “{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}” = Garmin USB Drivers
    “{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update
    “{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin
    “{6AFCA4E1-9B78-3640-8F72-A7BF33448200}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729
    “{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}” = MSVC80_x86_v2
    “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
    “{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}” = Norton Internet Security
    “{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}” = iTunes
    “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
    “{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
    “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17
    “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.6161
    “{A498D9EB-927B-459B-85D6-DD6EF8C2C564}” = erLT
    “{AF111648-99A1-453E-81DD-80DBBF6DAD0D}” = MSVC90_x86
    “{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}” = Garmin Communicator Plugin
    “{B3575D00-27EF-49C2-B9E0-14B3D954E992}” = Apple Application Support
    “{B383F243-0ABC-4E56-AA30-923B8D85076E}” = Rescue and Recovery
    “{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call
    “{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}” = Microsoft SQL Server Native Client
    “{C23CD6DA-1958-43A5-ADD0-59396572E02E}” = Apple Mobile Device Support
    “{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}” = Logitech Webcam Software
    “{C2E4B5BD-32DB-4817-A060-341AB17C3F90}” = Bonjour
    “{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}” = PC Connectivity Solution
    “{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}” = ThinkVantage Power Manager
    “{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.10
    “{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
    “{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}” = Logitech SetPoint
    “{F333A33D-125C-32A2-8DCE-5C5D14231E27}” = Visual C++ 2008 x86 Runtime – (v9.0.30729)
    “{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01” = Visual C++ 2008 x86 Runtime – v9.0.30729.01
    “{F8A9085D-4C7A-41a9-8A77-C8998A96C421}” = Intel(R) Control Center
    “{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}” = Message Center Plus
    “0134DA19E49BF25E588E062BF3AF5B52A1FB0570” = Windows Driver Package – Intel System (06/04/2009 9.1.1.1013)
    “0F85FF5427F83EBFD8D26A476513F129AA6A9BDE” = Windows Driver Package – Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    “1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31” = Windows Driver Package – Intel hdc (06/04/2009 7.0.0.1013)
    “30A4777E896192B8D398199AE1AB235B69BAB26D” = Windows Driver Package – Intel (HECI) System (09/17/2009 6.0.0.1179)
    “4165529BF5F060D6DCE68D5EFB7C01F8C133A42B” = Windows Driver Package – Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    “49CF605F02C7954F4E139D18828DE298CD59217C” = Windows Driver Package – Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    “504244733D18C8F63FF584AEB290E3904E791693” = Windows Driver Package – Nokia pccsmcfd (08/22/2008 7.0.0.0)
    “563601B59417ECE6367FFC9E33EF23D1E64AA350” = Windows Driver Package – Intel System (06/04/2009 9.1.1.1013)
    “746B3FA92A51BF163E30D6121404CCC057D4C12B” = Windows Driver Package – NVIDIA (nvlddmkm) Display (09/22/2009 8.16.11.9070)
    “971CFAB99B2A1B969F4D55F9A2AAC330B2A2551C” = Windows Driver Package – Intel (e1kexpress) Net (09/23/2009 11.2.19.0)
    “A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9” = Windows Driver Package – Intel USB (08/20/2009 9.1.1.1020)
    “Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
    “Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
    “Akamai” = Akamai NetSession Interface Service
    “Chuzzle Deluxe” = Chuzzle Deluxe (remove only)
    “Cooking Academy 2” = Cooking Academy 2 (remove only)
    “Cooking Dash – DinerTown Studios” = Cooking Dash – DinerTown Studios (remove only)
    “D4577BB192DCD9AD7FB9C09EFCCBE8CC15ED70BF” = Windows Driver Package – NVIDIA Corporation (NVHDA) MEDIA (08/11/2009 1.00.00.58)
    “Diner Dash Hometown Hero Gourmet” = Diner Dash Hometown Hero Gourmet (remove only)
    “E7B58217635B8F723D4744A328A4B3237DB35FA9” = Windows Driver Package – Intel System (06/04/2009 1.0.0.0002)
    “ESET Online Scanner” = ESET Online Scanner v3
    “F46B861A702511B4B61AA6F81D8899BEDFE22EDD” = Windows Driver Package – Intel (Serial) Ports (09/17/2009 6.0.0.1179)
    “Go Go Gourmet – Chef of the Year” = Go Go Gourmet – Chef of the Year (remove only)
    “GTR Evolution_1.1.1.2_is1” = GTR Evolution
    “InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}” = Belkin USB Wireless Adaptor
    “Lenovo Welcome_is1” = Lenovo Welcome
    “LUXOR Adventures Bundle” = LUXOR Adventures Bundle (remove only)
    “Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.65.0.1400
    “MouseSuite98” = Mouse Suite
    “Mozilla Firefox (3.6.25)” = Mozilla Firefox (3.6.25)
    “Nokia Ovi Suite” = Nokia Ovi Suite
    “NVIDIA Drivers” = NVIDIA Drivers
    “PC-Doctor for Windows” = Lenovo ThinkVantage Toolbox
    “PROSet” = Intel(R) Network Connections Drivers
    “SystemRequirementsLab” = System Requirements Lab
    “TagScanner_is1” = TagScanner 5.1.611
    “TeamViewer 6” = TeamViewer 6
    “uTorrent” = µTorrent
    “VLC media player” = VLC media player 2.0.2
    “Winamp” = Winamp
    “Zuma’s Revenge – Adventure” = Zuma’s Revenge – Adventure (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    “Akamai” = Akamai NetSession Interface
    “Google Chrome” = Google Chrome
    “Octoshape add-in for Adobe Flash Player” = Octoshape add-in for Adobe Flash Player
    “Winamp Detect” = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error – 1/15/2012 8:48:11 AM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for “c:Program FilesLenovoSystem
    UpdateInstaller64.exe”. Dependent Assembly Microsoft.VC80.CRT,processorArchitecture=”amd64″,publicKeyToken=”1fc8b3b9a1e18e3b”,type=”win32″,version=”8.0.50608.0″
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error – 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/17/2012 2:34:27 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/17/2012 2:34:27 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/18/2012 1:06:35 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/18/2012 1:06:35 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error – 1/18/2012 1:24:26 PM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for “C:Program FilesSkypeToolbarsInternet
    ExplorerSkypeIEPluginBroker.exe”.Error in manifest or policy file “C:Program
    FilesSkypeToolbarsInternet ExplorerSkypeIEPluginBroker.exe” on line 2. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error – 1/18/2012 1:24:53 PM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for “c:Program FilesLenovoSystem
    UpdateInstaller64.exe”. Dependent Assembly Microsoft.VC80.CRT,processorArchitecture=”amd64″,publicKeyToken=”1fc8b3b9a1e18e3b”,type=”win32″,version=”8.0.50608.0″
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error – 1/18/2012 6:30:37 PM | Computer Name = Crni | Source = EventSystem | ID = 4621
    Description =

    [ Lenovo-Message Center Plus/Admin Events ]
    Error – 11/9/2011 9:43:16 AM | Computer Name = Crni | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Object reference not set to an instance of an object. -> Exception
    message: Object reference not set to an instance of an object.

    [ System Events ]
    Error – 9/27/2012 12:19:26 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7031
    Description = Storitev »Samodejna konfiguracija brezži?nega krajevnega omrežja«
    se je nepri?akovano prekinila. To je storila 1-krat. Naslednja popravljalna dejanja
    bodo izvedena v 120000 milisekundah: Vnovi?ni zagon storitve.

    Error – 9/27/2012 12:19:26 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7031
    Description = Storitev »Portable Device Enumerator Service« se je nepri?akovano
    prekinila. To je storila 1-krat. Naslednja popravljalna dejanja bodo izvedena v
    120000 milisekundah: Vnovi?ni zagon storitve.

    Error – 9/27/2012 12:19:26 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7031
    Description = Storitev »Windows Driver Foundation – User-mode Driver Framework«
    se je nepri?akovano prekinila. To je storila 1-krat. Naslednja popravljalna dejanja
    bodo izvedena v 120000 milisekundah: Vnovi?ni zagon storitve.

    Error – 9/27/2012 12:20:35 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/27/2012 12:26:30 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporo?ila neveljavno trenutno
    stanje »32«.

    Error – 9/28/2012 9:50:13 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/28/2012 12:10:07 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporo?ila neveljavno trenutno
    stanje »32«.

    Error – 9/28/2012 6:56:31 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    Error – 9/28/2012 6:58:58 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporo?ila neveljavno trenutno
    stanje »32«.

    Error – 9/29/2012 4:46:48 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepri?akovano prekinila. To
    je storila 1-krat.

    #99513

    Actually it is looking pretty good there now. Just need to remove that Ad-Aware service remnant.

    Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose “Run as administrator”. At the prompt copy/paste the following, pressing Enter after each:

    sc delete "Lavasoft Kernexplorer"

    Then type exit and press Enter to close the window.

    Please post back on any problems we still need to correct.


The topic "Bundespolizei Malware, Österreich" is closed to new replies.