  1. #1
    Beginner
    Registered since
    31.08.2012
    Posts
    7

    Bundespolizei Malware, Austria

    Hello.

    It's easier to explain things in English, if you don't mind. I understand German very well, but to write things down would be an incomprehensible thing.

    So, what happened:

    I opened a website using Internet Explorer, and immediately I got a notification "Bundespolizei", asking me to transfer money, which of course I did not. The notification blocked my screen and I could not close it. I could Alt+Tab my open windows, but could not access them. After restarting the computer, the notification was still there. I restarted again with my internet cable unplugged. Now I had the Windows screen without the police notification. I could access my files without any problems. I plugged in the network cable while the computer was running and received the police notification immediately. I unplugged the cable again and started the computer again. Again no notification. Now I ran a whole computer scan with AVG, but it did not find anything. However, during the scan I opened my Task Manager (Ctrl+Shift+Esc) and before opening it, AVG blocked the file and moved it to the vault. The file was named "MOLBCRY.EXE" and was located in "appdata\Local\Temp". After that I restarted my computer without the internet and then again with the internet connection, and no notification appeared in any of the cases. This was last week. Until then I tried restarting the computer several times and there was no "Bundespolizei" notification. I have all the files backed up. Today I ran the OTL scan (after reading this forum) and received the following log:
    OTL.Txt
    Code:
    OTL logfile created on: 8/31/2012 9:28:27 AM - Run 2
    OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Mateja\Desktop
     Professional  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy
     
    2.94 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 74.84% Memory free
    5.87 Gb Paging File | 5.15 Gb Available in Paging File | 87.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.82 Gb Total Space | 168.63 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS
     
    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Mateja\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\WinRAR\rarext.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
    SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
    SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
    SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
    SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
    DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
    DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
    DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (TPMX Electronics Ltd.)
    DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (TPMX Electronics Ltd.)
    DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
    DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
    DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
    DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}
    IE - HKLM\..\SearchScopes\{B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
     
     
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\SearchScopes,DefaultScope = {1291DCB8-B322-4588-93A8-7892589628F4}
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\SearchScopes\{1291DCB8-B322-4588-93A8-7892589628F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41D2705F-F133-416F-B5C8-039E30057B76}&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&lang=us&ds=AVG&pr=fr&d=2011-12-08 11:24:48&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF - prefs.js..extensions.enabledItems: {12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}:2.0.54.0
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.7
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.7&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q="
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mateja\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mateja\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/11 15:06:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 19:23:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/12 19:32:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 14:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/19 14:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/11 15:06:39 | 000,000,000 | ---D | M]
     
    [2010/06/23 14:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateja\AppData\Roaming\mozilla\Extensions
    [2012/01/22 21:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateja\AppData\Roaming\mozilla\Firefox\Profiles\rfmwrfe8.default\extensions
    [2011/02/15 12:32:31 | 000,000,000 | ---D | M] (Hermes SoftLab DigSigSDK) -- C:\Users\Mateja\AppData\Roaming\mozilla\Firefox\Profiles\rfmwrfe8.default\extensions\{12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}
    [2011/11/24 20:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2012/03/09 21:30:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/24 20:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/02/11 15:06:39 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
    [2012/06/16 11:12:57 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/07/12 19:32:37 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/02/19 14:05:27 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
    [2012/02/19 14:05:27 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
    [2012/02/19 14:05:27 | 000,006,155 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/02/19 14:05:27 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml
     
    O1 HOSTS File: ([2010/03/29 13:54:11 | 000,001,276 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1  practivate.adobe.com
    O1 - Hosts: 127.0.0.1  ereg.adobe.com
    O1 - Hosts: 127.0.0.1  activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1  wip3.adobe.com
    O1 - Hosts: 127.0.0.1  3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1  3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1  adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1  adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1  adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1  ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1  activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1  wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1  activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1  activate.adobe.com
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
    O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Program Files\Lenovo\Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [Power Manager Power Agenda] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe ()
    O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor File not found
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004..\Run: [Akamai NetSession Interface] C:\Users\Mateja\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Pošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : P&ošlji v OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A0D4F0-850B-487A-B7B4-8E93FD231341}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855473E8-93B9-43B6-9FAC-A0960DFCD68C}: DhcpNameServer = 195.34.133.21 195.34.133.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{00d3d9ab-3b48-11df-9fae-002186fa0f16}\Shell - "" = AutoRun
    O33 - MountPoints2\{00d3d9ab-3b48-11df-9fae-002186fa0f16}\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\{1d1d34ca-22f7-11df-80dc-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d1d34ca-22f7-11df-80dc-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
    O33 - MountPoints2\{535f5dd4-ba9f-11e0-ab68-002186fa0f16}\Shell - "" = AutoRun
    O33 - MountPoints2\{535f5dd4-ba9f-11e0-ab68-002186fa0f16}\Shell\AutoRun\command - "" = D:\Setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2012/08/29 16:28:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mateja\Desktop\OTL.exe
    [2012/08/29 13:44:23 | 000,000,000 | ---D | C] -- C:\_SMA
     
    ========== Files - Modified Within 30 Days ==========
     
    [2012/08/31 09:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/31 09:26:54 | 2364,297,216 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/31 08:30:01 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004UA.job
    [2012/08/30 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/08/30 17:06:56 | 105,340,250 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/08/30 17:06:16 | 000,513,995 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/08/30 16:30:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004Core.job
    [2012/08/29 20:59:00 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/29 20:59:00 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/29 20:56:38 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/29 20:56:38 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/27 21:58:32 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mateja\Desktop\OTL.exe
    [2012/08/18 18:09:28 | 000,002,020 | ---- | M] () -- C:\Users\Mateja\Desktop\Mouse and Keyboard Settings.lnk
    [2012/08/17 22:35:50 | 003,989,507 | ---- | M] () -- C:\Users\Mateja\Desktop\StAnton.pdf
     
    ========== Files Created - No Company Name ==========
     
    [2012/08/18 18:09:28 | 000,002,020 | ---- | C] () -- C:\Users\Mateja\Desktop\Mouse and Keyboard Settings.lnk
    [2012/08/17 22:35:50 | 003,989,507 | ---- | C] () -- C:\Users\Mateja\Desktop\StAnton.pdf
    [2012/05/27 14:16:00 | 000,001,087 | ---- | C] () -- C:\Users\Mateja\Slike - Bližnjica.lnk
    [2012/04/17 23:37:33 | 000,684,513 | ---- | C] () -- C:\Users\Mateja\Photo0068.jpg
    [2012/04/17 23:37:33 | 000,660,236 | ---- | C] () -- C:\Users\Mateja\Photo0069.jpg
    [2011/02/15 12:29:40 | 000,004,387 | ---- | C] () -- C:\Users\Mateja\Varnostna_kop_cert.p12
    [2010/11/08 15:17:20 | 000,005,632 | ---- | C] () -- C:\Users\Mateja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/28 11:57:58 | 000,004,096 | -H-- | C] () -- C:\Users\Mateja\AppData\Local\keyfile3.drm
    [2010/04/18 13:03:32 | 000,022,328 | ---- | C] () -- C:\Users\Mateja\AppData\Roaming\PnkBstrK.sys
     
    ========== LOP Check ==========
     
    [2010/11/29 13:57:27 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\AVG10
    [2010/05/27 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\BlackBean
    [2010/03/29 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\DAEMON Tools Lite
    [2010/03/23 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\DesktopPwrMgr
    [2011/06/22 22:20:33 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\GARMIN
    [2010/04/14 14:38:27 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\Go-Go Gourmet Chef of the Year
    [2011/03/28 19:49:02 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\Leadertech
    [2010/11/08 15:11:06 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\Nokia
    [2010/11/08 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\Nokia Ovi Suite
    [2010/11/08 13:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\PC Suite
    [2010/07/31 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\PlayFirst
    [2012/03/09 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\TagScanner
    [2012/04/10 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\TeamViewer
    [2012/08/31 09:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mateja\AppData\Roaming\uTorrent
    [2010/12/04 16:09:06 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/12/14 10:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/24 08:15:36 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/30 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
     
    ========== Purity Check ==========
     
     
    
    < End of report >

    Extras.Txt
    Code:
    OTL Extras logfile created on: 8/31/2012 9:28:27 AM - Run 2
    OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Mateja\Desktop
     Professional  (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy
     
    2.94 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 74.84% Memory free
    5.87 Gb Paging File | 5.15 Gb Available in Paging File | 87.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.82 Gb Total Space | 168.63 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS
     
    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [BILLA Fotoshop] -- "C:\Program Files\BILLA\BILLA Fotoshop\BILLA Fotoshop.exe" "%1" ()
    Directory [CEWE FOTOSCHAU] -- "C:\Program Files\BILLA\BILLA Fotoshop\CEWE FOTOSCHAU.exe" -d "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{08707EFF-F7F7-41FD-8A7C-2A33F379F173}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
    "{333EAEED-38CC-473F-A57C-5B5A63B00248}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{468130D8-6C36-4842-ACDD-B2064F61DC93}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{5A37B177-C577-4920-86AD-B075B1AA4DE9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
    "{729B445F-3EB6-4CA5-AC8A-EDAF2AE5E2EE}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{952806DA-FCF8-44E5-A5C8-7518336657F0}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{BEF6D7B7-AC76-4E7E-B464-DFC02E998D2A}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{C364EBB0-7EC6-4F64-B834-7F05E4264250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{C4EBB297-479B-4D8E-947A-7EB25B48132D}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{DDC074D6-27AD-452F-9EC5-1F64C61841D2}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{E0613A1A-CFAC-4A88-81F9-016C3B1CC1E6}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{E4953274-9106-488C-93A1-FF7F5DB70909}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{F609C9EB-CB6F-4F6A-AA11-CAD9FF014D47}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{FA17BC34-E1A2-444C-A651-2A12385360E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C15D8F-7291-473D-AEDF-9CAE42484533}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{02D4E20D-345F-4EA4-B4D8-6164DDB5569D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
    "{09B78E16-4437-4439-97C7-FCBF262DFD3C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
    "{0DA1F044-7397-4147-8B7C-D8325E5B7314}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{116C8602-268A-4F5B-98BC-C2540A1C9DD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{1A4E2860-8948-4F3F-B4B1-0399ACA51F25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{3789B5C3-54F3-4C74-A35F-49B3BC968AD1}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
    "{39C70184-59E7-454A-B5DE-6054234B7D42}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
    "{3DA2E7F1-B74D-4981-8B20-6EC6D4B6502D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
    "{43E8376A-5738-4A36-8998-1E91D2AD8795}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{460C10B2-D3AC-4287-A9ED-670B95B5BF1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{474D98FA-344E-4EE5-9605-893F0AF29287}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
    "{4F3C5C4A-755A-43C4-B9CD-B4ED7D9519B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
    "{5C4216F5-14F9-4DF8-88DE-C5FBE0F9097F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
    "{5DBC9756-960D-4322-B09C-EE0F928B7939}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
    "{6C3B04F5-E882-46A7-8CCF-6E762263BC99}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
    "{6DE9BA40-20E9-4DDA-84E4-C4ABF3C4E797}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
    "{7DB2EC20-722B-4749-8924-0BBAD40AFBEE}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe | 
    "{83294C1F-F4BA-41B9-8C5C-FEABB7C54CF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{85B776EB-E0E5-463C-A0AE-5109506F4E98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{8E64FB90-6578-44F4-AE8A-9FB639118C41}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
    "{99CD7EDC-1DB8-4EE1-A038-81CD0998ABE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{A1B9E271-F9E9-45DF-B0EC-429EF6DD58DB}" = protocol=17 | dir=in | app=c:\users\mateja\appdata\local\akamai\netsession_win.exe | 
    "{A202F250-6270-4DDD-B25D-B84C5503BECB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
    "{A7FBB667-5619-469C-8BA2-B64C7C2AD6EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
    "{B2449CAD-522A-4A0F-ACAA-323E1752A32B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
    "{B2B57C50-0A69-4F99-A21D-1924841651FA}" = protocol=6 | dir=in | app=c:\users\mateja\appdata\local\akamai\netsession_win.exe | 
    "{B2E2EB96-B023-4457-864B-913EC8292A5E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
    "{B60E7015-6035-41CB-9665-43B78E051361}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
    "{B94FC9E9-DD07-4824-86CF-9D2907A7B81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{BC67B913-85B1-44E4-A533-ED7E1FD66422}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
    "{BEC04389-443D-4A26-AFB8-3D597A398547}" = dir=in | app=c:\program files\itunes\itunes.exe | 
    "{D2ADEE22-0271-47E0-982D-B5C4BC27043A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
    "{E19E3549-9946-4648-B09B-751154003477}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
    "{E31585D8-8300-415A-9B91-7958812DDEE0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
    "{E473A1EA-837E-47BE-A6FA-F3B319E04957}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
    "{EBF4781E-CCE6-4375-A56F-FA0591398C39}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
    "{EE7531C5-0C6C-41FB-9B70-A4B18E9BEE6F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
    "{F26FBF49-6DF7-452F-92A0-429897669D58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{F522D64D-0BBF-492D-A0C9-F32271967452}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
    "{F81765D4-79D1-4969-8B95-E011D5447931}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{F87EA6FC-06F4-4C4B-A507-FCFF3C4EDA82}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe | 
    "{F8995668-FC4A-4DFD-8D82-E2CF77CD5FE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
    "{F89EC113-B7F6-41B5-AA80-03F009FD6772}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
    "{F9AA3E56-CE23-480B-B227-81BE32FD52F8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
    "{FAFAEADD-0BE0-41A9-9AA9-B019219BA635}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
    "{FB6D86DB-8F39-4EC7-A803-B4AE443DA77B}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
    "TCP Query User{0B639AAC-FE1F-4986-8278-4851FA172F8A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
    "TCP Query User{32DD3A1F-4271-4AD7-B554-A2762B2D757E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "TCP Query User{491F48F6-F213-40C5-9DD1-D8A1EF9625BF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
    "TCP Query User{6C79178B-EA0F-49E4-B087-95A542473162}C:\users\mateja\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mateja\appdata\local\google\chrome\application\chrome.exe | 
    "TCP Query User{790CCC12-83C4-426A-B7BF-C77C8DACE412}C:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe" = protocol=6 | dir=in | app=c:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe | 
    "TCP Query User{8F6BDDF7-4C5E-4331-9E02-F5E4E6748CE8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
    "TCP Query User{9B5FA1D7-5532-4D80-B809-D3D8A790538B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{AEB29DD1-8738-4328-8A02-819537CF45F1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{C4A004AF-2D55-4F70-92A1-F3480067C9B0}C:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "UDP Query User{04A71F5E-3B46-415E-B26D-2F6C1C29DB89}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "UDP Query User{1F7B3CCD-AA99-4545-A6E4-FEE579307379}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{3A2074F5-048A-4BDB-A771-9508CF14BEE2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
    "UDP Query User{691FDBDB-128A-4DF9-8D83-FB33427CDBAE}C:\users\mateja\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mateja\appdata\local\google\chrome\application\chrome.exe | 
    "UDP Query User{A47ECA15-934D-45DD-9237-08C1B3FD975C}C:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
    "UDP Query User{B497EBB0-64AD-450B-B541-A9160047C807}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
    "UDP Query User{C3B60592-6A88-4B79-AF35-022CBE0AB7D5}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
    "UDP Query User{F0AD559E-664B-4F52-BD6A-C09FFAF23971}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{F1DF7A87-5245-4BB3-9F38-D00A98D4E815}C:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe" = protocol=17 | dir=in | app=c:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1C9FE8CC-2578-41E6-AB28-3B927B055224}" = Windows Live - Pomocnik za vpis
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0424-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovenian) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0424-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovenian) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0424-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovenian) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0424-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovenian) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0424-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovenian) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0424-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovenian) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
    "{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-0424-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovenian) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0424-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovenian) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0424-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovenian) 2007
    "{90120000-00A1-0424-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovenian) 2007
    "{90120000-00BA-0424-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovenian) 2007
    "{90120000-0100-0424-0000-0000000FF1CE}" = Microsoft Office O MUI (Slovenian) 2007
    "{90120000-0101-0424-0000-0000000FF1CE}" = Microsoft Office X MUI (Slovenian) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91C0B95B-B83A-4828-A775-BBE2DD421060}" = Nero 7 Ultra Edition
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
    "{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Power Manager
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "0134DA19E49BF25E588E062BF3AF5B52A1FB0570" = Windows Driver Package - Intel System  (06/04/2009 9.1.1.1013)
    "0F85FF5427F83EBFD8D26A476513F129AA6A9BDE" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    "1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013)
    "30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECI) System  (09/17/2009 6.0.0.1179)
    "4165529BF5F060D6DCE68D5EFB7C01F8C133A42B" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
    "563601B59417ECE6367FFC9E33EF23D1E64AA350" = Windows Driver Package - Intel System  (06/04/2009 9.1.1.1013)
    "746B3FA92A51BF163E30D6121404CCC057D4C12B" = Windows Driver Package - NVIDIA (nvlddmkm) Display  (09/22/2009 8.16.11.9070)
    "971CFAB99B2A1B969F4D55F9A2AAC330B2A2551C" = Windows Driver Package - Intel (e1kexpress) Net  (09/23/2009 11.2.19.0)
    "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Akamai" = Akamai NetSession Interface Service
    "AVG" = AVG 2011
    "BILLA Fotoshop" = BILLA Fotoshop
    "Chuzzle Deluxe" = Chuzzle Deluxe (remove only)
    "Cooking Academy 2" = Cooking Academy 2 (remove only)
    "Cooking Dash - DinerTown Studios" = Cooking Dash - DinerTown Studios (remove only)
    "D4577BB192DCD9AD7FB9C09EFCCBE8CC15ED70BF" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (08/11/2009 1.00.00.58)
    "Diner Dash Hometown Hero Gourmet" = Diner Dash Hometown Hero Gourmet (remove only)
    "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002)
    "F46B861A702511B4B61AA6F81D8899BEDFE22EDD" = Windows Driver Package - Intel (Serial) Ports  (09/17/2009 6.0.0.1179)
    "Go Go Gourmet - Chef of the Year" = Go Go Gourmet - Chef of the Year (remove only)
    "GTR Evolution_1.1.1.2_is1" = GTR Evolution
    "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
    "Lenovo Welcome_is1" = Lenovo Welcome
    "LUXOR Adventures Bundle" = LUXOR Adventures Bundle (remove only)
    "MouseSuite98" = Mouse Suite
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "OMUI.sl-si" = Microsoft Office Language Pack 2007 - Slovenian/slovenščina
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PROSet" = Intel(R) Network Connections Drivers
    "SystemRequirementsLab" = System Requirements Lab
    "TagScanner_is1" = TagScanner 5.1.611
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.2
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR arhiver
    "Zuma's Revenge - Adventure" = Zuma's Revenge - Adventure (remove only)
     
    ========== HKEY_USERS Uninstall List ==========
     
    [HKEY_USERS\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Winamp Detect" = Winamp Detector Plug-in
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 1/14/2012 6:43:51 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/14/2012 6:43:51 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/14/2012 9:34:21 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/14/2012 9:34:21 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/15/2012 8:04:06 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/15/2012 8:04:06 AM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/15/2012 8:47:39 AM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
     Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program 
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.  Multiple
     requestedPrivileges elements are not allowed in manifest.
     
    Error - 1/15/2012 8:48:11 AM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Program Files\Lenovo\System
     Update\Installer64.exe".  Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
     could not be found.  Please use sxstrace.exe for detailed diagnosis.
     
    Error - 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error - 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
     language ID. The first DWORD in the Data section contains the Win32 error code.
     
    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 11/9/2011 9:43:16 AM | Computer Name = Crni | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Object reference not set to an instance of an object. -> Exception
     message: Object reference not set to an instance of an object.
     
    [ OSession Events ]
    Error - 5/10/2010 9:41:05 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23488
     seconds with 1560 seconds of active time.  This session ended with a crash.
     
    Error - 6/15/2010 3:04:59 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error - 7/12/2010 9:09:04 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7034
     seconds with 3240 seconds of active time.  This session ended with a crash.
     
    Error - 11/15/2010 8:29:56 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3604
     seconds with 1080 seconds of active time.  This session ended with a crash.
     
    Error - 11/29/2010 7:41:00 AM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 317
     seconds with 240 seconds of active time.  This session ended with a crash.
     
    Error - 12/6/2010 12:58:16 PM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7499
     seconds with 1500 seconds of active time.  This session ended with a crash.
     
    Error - 4/12/2011 2:16:03 PM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1167
     seconds with 300 seconds of active time.  This session ended with a crash.
     
    Error - 6/28/2011 5:00:52 PM | Computer Name = Crni | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
     12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = DCOM | ID = 10005
    Description = 
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = DCOM | ID = 10005
    Description = 
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
    Error - 8/31/2012 3:27:18 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7001
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location
     Awareness«, ki se ni uspela zagnati zaradi te napake:   %%1068
     
     
    < End of report >
    Now I see some of the error messages are Slovenian. Here is a quick translation.
    Description = Storitev »Network List Service« je odvisna od storitve »Network Location Awareness«, ki se ni uspela zagnati zaradi te napake: %%1068
    Description = Service >>Network List Service<< depends on service »Network Location Awareness« which didn't start because of error: %%1068.

    Please let me know how to proceed. The fact that the "Bundespolizei" screen doesn't pop up any more doesn't make me feel secure about the computer being clean.
    Thanks in advance,
    G

  2. #2
    Regular member
    Registered since
    20.07.2012
    Posts
    24
    Welcome to Hilfe-Forum der Anti-Botnet-Experten GoGe,

    I will be glad to help you with any problems there, but first there is one other problem to be addressed. The logs show some entries that tell me this system has been used to install an illegal copy of Adobe CS. Our forum's rules say that no help can be given unless all illegal software use is removed from the system. Please uninstall any Adobe CS programs, and any other programs that may not have been installed legitimately, then reboot, and we can move forward here.

    Then please do the following, which includes running OTL again.


    To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

    -------

    Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

    -----------

    Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button, right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.

    -----------

    Download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
    • If avast! antivirus is already installed, just do the next step.
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



    A lot, but comprehensive, and will make sure we get a good view of everything. Please just post logs without using the Code function.
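
For readers working through OTL.Txt output like the logs in this thread, here is a small triage script for that line format. It is an added example, not part of any post here and not the forum helper's method: the function names, the three rules (image path under a Temp directory, autostart entry whose file is missing, hosts entry pointing a name at loopback) and the sample lines are all assumptions made for illustration.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # PRC, MOD, SRV, DRV, O4 or O1
    name: str     # service/driver/Run value name, hostname for O1, "" for PRC/MOD
    reason: str
    line: str


TEMP_PATH = "image path under a Temp directory"
MISSING = "autostart entry whose file is missing"
HOSTS_REDIRECT = "hosts entry redirects a name to loopback"

# Entry shapes as they appear in OTL.Txt. Company names are not parsed:
# they can contain nested parentheses, and the rules below do not need them.
_PRC_MOD = re.compile(r"^(?:PRC|MOD) - (?P<target>.+)$")
_SRV_DRV = re.compile(r"^(?:SRV|DRV) - \((?P<name>.+?)\) -- (?P<target>.*)$")
_O4 = re.compile(r"^O4 - \S+?\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")

_TEMP = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
_LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
_AUTOSTART = {"SRV", "DRV", "O4"}


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a manual look. A finding is a lead, not a verdict:
    leftovers of uninstalled software produce the same 'File not found' lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented

        m = _HOSTS.match(line)
        if m:
            if m["ip"] in _LOOPBACK and m["host"].lower() != "localhost":
                findings.append(Finding("O1", m["host"], HOSTS_REDIRECT, line))
            continue

        for rx in (_PRC_MOD, _SRV_DRV, _O4):
            m = rx.match(line)
            if m:
                break
        else:
            continue  # header, blank line or a section this example ignores

        section = line.split(" ", 1)[0]
        name = m.groupdict().get("name") or ""
        target = m["target"]

        if _TEMP.search(target):
            findings.append(Finding(section, name, TEMP_PATH, line))
        if section in _AUTOSTART and target.rstrip().endswith("File not found"):
            findings.append(Finding(section, name, MISSING, line))
    return findings


# Constructed sample lines in OTL's format (not taken from the logs above).
SAMPLE_LOG = r"""
PRC - C:\Program Files\ExampleAV\avtray.exe (Example AV Vendor)
PRC - C:\Users\alice\AppData\Local\Temp\EXAMPLE.EXE ()
SRV - (ExampleUpdater) -- C:\Program Files\Example\updater.exe (Example Corp)
DRV - (exdrv) -- C:\Users\alice\AppData\Local\Temp\exdrv.sys File not found
DRV - (orphan01) -- File not found
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 updates.example.com
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
O4 - HKLM..\Run: [OldTool] rundll32 C:\PROGRA~1\Example\OLD.DLL,Entry File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```
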

  3. #3
    Beginner
    Registered since
    31.08.2012
    Posts
    7
    Hi

    Thank you for your reply. It took a while, but finally I managed to do the things you asked. So, I ran the OTL again. I had some problems with disabling the anti-virus software, because it was turning itself back on, but I think it worked then. I ran the scan once and it opened only the OTL.txt file. I checked the "Extra Registry" part and ran it again and then I got two sets of results. So:
    OTL.txt
    OTL logfile created on: 9/11/2012 6:44:15 PM - Run 4
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mateja\Desktop
    Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2.94 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 58.08% Memory free
    5.87 Gb Paging File | 4.69 Gb Available in Paging File | 79.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.82 Gb Total Space | 181.98 Gb Free Space | 40.01% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS

    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Mateja\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Mateja\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
    PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe ()
    PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG10\avgscanx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files\Lenovo\Mouse Suite\ico.exe (Primax Electronics Ltd.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
    PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
    PRC - C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
    MOD - C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe ()
    MOD - C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL ()
    MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll ()
    MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
    MOD - C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE ()


    ========== Services (SafeList) ==========

    SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
    SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
    SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
    SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (pgddqpod) -- C:\Users\Mateja\AppData\Local\Temp\pgddqpod.sys File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    DRV - (a9dm9a8n) -- File not found
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
    DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
    DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
    DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
    DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (TPMX Electronics Ltd.)
    DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (TPMX Electronics Ltd.)
    DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
    DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
    DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
    DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
    DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}
    IE - HKLM\..\SearchScopes\{B33C4B21-55F4-4CDD-A33F-EFC7F27934A2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\SearchScopes,DefaultScope = {1291DCB8-B322-4588-93A8-7892589628F4}
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\SearchScopes\{1291DCB8-B322-4588-93A8-7892589628F4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={41D2705F-F133-416F-B5C8-039E30057B76}&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&lang=us&ds=AVG&pr=fr&d=2011-12-08 11:24:48&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
    FF - prefs.js..extensions.enabledItems: {12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}:2.0.54.0
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.1.0.12
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mateja\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mateja\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/11 15:06:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 19:23:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/12 19:32:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 14:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/19 14:05:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/11 15:06:39 | 000,000,000 | ---D | M]

    [2010/06/23 14:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateja\AppData\Roaming\mozilla\Extensions
    [2012/01/22 21:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mateja\AppData\Roaming\mozilla\Firefox\Profiles\rfmwrfe8.default\extensions
    [2011/02/15 12:32:31 | 000,000,000 | ---D | M] (Hermes SoftLab DigSigSDK) -- C:\Users\Mateja\AppData\Roaming\mozilla\Firefox\Profiles\rfmwrfe8.default\extensions\{12B5FEAA-16C9-4DE9-98A0-83D6FE5B1316}
    [2011/11/24 20:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2012/03/09 21:30:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/11/24 20:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/02/11 15:06:39 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
    [2012/07/12 19:32:49 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/10/26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/07/12 19:32:37 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/02/19 14:05:27 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
    [2012/02/19 14:05:27 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
    [2012/02/19 14:05:27 | 000,006,155 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/02/19 14:05:27 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

    O1 HOSTS File: ([2010/03/29 13:54:11 | 000,001,276 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
    O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Program Files\Lenovo\Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
    O4 - HKLM..\Run: [Power Manager Power Agenda] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe ()
    O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor File not found
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004..\Run: [Akamai NetSession Interface] C:\Users\Mateja\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A0D4F0-850B-487A-B7B4-8E93FD231341}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855473E8-93B9-43B6-9FAC-A0960DFCD68C}: DhcpNameServer = 195.34.133.21 195.34.133.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{00d3d9ab-3b48-11df-9fae-002186fa0f16}\Shell - "" = AutoRun
    O33 - MountPoints2\{00d3d9ab-3b48-11df-9fae-002186fa0f16}\Shell\AutoRun\command - "" = G:\autorun.exe
    O33 - MountPoints2\{1d1d34ca-22f7-11df-80dc-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d1d34ca-22f7-11df-80dc-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
    O33 - MountPoints2\{535f5dd4-ba9f-11e0-ab68-002186fa0f16}\Shell - "" = AutoRun
    O33 - MountPoints2\{535f5dd4-ba9f-11e0-ab68-002186fa0f16}\Shell\AutoRun\command - "" = D:\Setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/09 14:59:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/09/06 20:31:53 | 000,000,000 | ---D | C] -- C:\Users\Mateja\AppData\Local\LogiShrd
    [2012/08/29 16:28:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mateja\Desktop\OTL.exe
    [2012/08/29 13:44:23 | 000,000,000 | ---D | C] -- C:\_SMA

    ========== Files - Modified Within 30 Days ==========

    [2012/09/11 18:30:05 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004UA.job
    [2012/09/11 18:20:40 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/11 18:20:40 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/11 18:19:31 | 000,607,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/11 18:19:31 | 000,103,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/11 18:18:22 | 094,530,750 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/09/11 18:13:24 | 002,329,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/11 18:13:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/11 18:13:08 | 2364,297,216 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/30 22:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/08/30 17:06:16 | 000,513,995 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/08/30 16:30:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004Core.job
    [2012/08/27 21:58:32 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mateja\Desktop\OTL.exe
    [2012/08/18 18:09:28 | 000,002,020 | ---- | M] () -- C:\Users\Mateja\Desktop\Mouse and Keyboard Settings.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/18 18:09:28 | 000,002,020 | ---- | C] () -- C:\Users\Mateja\Desktop\Mouse and Keyboard Settings.lnk
    [2012/05/27 14:16:00 | 000,001,087 | ---- | C] () -- C:\Users\Mateja\Slike - Bližnjica.lnk
    [2012/04/17 23:37:33 | 000,684,513 | ---- | C] () -- C:\Users\Mateja\Photo0068.jpg
    [2012/04/17 23:37:33 | 000,660,236 | ---- | C] () -- C:\Users\Mateja\Photo0069.jpg
    [2011/02/15 12:29:40 | 000,004,387 | ---- | C] () -- C:\Users\Mateja\Varnostna_kop_cert.p12
    [2010/11/08 15:17:20 | 000,005,632 | ---- | C] () -- C:\Users\Mateja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/28 11:57:58 | 000,004,096 | -H-- | C] () -- C:\Users\Mateja\AppData\Local\keyfile3.drm
    [2010/04/18 13:03:32 | 000,022,328 | ---- | C] () -- C:\Users\Mateja\AppData\Roaming\PnkBstrK.sys

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 9/11/2012 6:44:15 PM - Run 4
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mateja\Desktop
    Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2.94 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 58.08% Memory free
    5.87 Gb Paging File | 4.69 Gb Available in Paging File | 79.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.82 Gb Total Space | 181.98 Gb Free Space | 40.01% Space Free | Partition Type: NTFS
    Drive Q: | 9.77 Gb Total Space | 2.88 Gb Free Space | 29.45% Space Free | Partition Type: NTFS

    Computer Name: CRNI | User Name: Mateja | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{333EAEED-38CC-473F-A57C-5B5A63B00248}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{468130D8-6C36-4842-ACDD-B2064F61DC93}" = rport=137 | protocol=17 | dir=out | app=system |
    "{729B445F-3EB6-4CA5-AC8A-EDAF2AE5E2EE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{952806DA-FCF8-44E5-A5C8-7518336657F0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BEF6D7B7-AC76-4E7E-B464-DFC02E998D2A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C364EBB0-7EC6-4F64-B834-7F05E4264250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{C4EBB297-479B-4D8E-947A-7EB25B48132D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DDC074D6-27AD-452F-9EC5-1F64C61841D2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E0613A1A-CFAC-4A88-81F9-016C3B1CC1E6}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E4953274-9106-488C-93A1-FF7F5DB70909}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F609C9EB-CB6F-4F6A-AA11-CAD9FF014D47}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FA17BC34-E1A2-444C-A651-2A12385360E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C15D8F-7291-473D-AEDF-9CAE42484533}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02D4E20D-345F-4EA4-B4D8-6164DDB5569D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{09B78E16-4437-4439-97C7-FCBF262DFD3C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{0DA1F044-7397-4147-8B7C-D8325E5B7314}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{116C8602-268A-4F5B-98BC-C2540A1C9DD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1A4E2860-8948-4F3F-B4B1-0399ACA51F25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3789B5C3-54F3-4C74-A35F-49B3BC968AD1}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{39C70184-59E7-454A-B5DE-6054234B7D42}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{3DA2E7F1-B74D-4981-8B20-6EC6D4B6502D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{43E8376A-5738-4A36-8998-1E91D2AD8795}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{460C10B2-D3AC-4287-A9ED-670B95B5BF1F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{474D98FA-344E-4EE5-9605-893F0AF29287}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{4F3C5C4A-755A-43C4-B9CD-B4ED7D9519B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{5C4216F5-14F9-4DF8-88DE-C5FBE0F9097F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{6C3B04F5-E882-46A7-8CCF-6E762263BC99}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{6DE9BA40-20E9-4DDA-84E4-C4ABF3C4E797}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{7DB2EC20-722B-4749-8924-0BBAD40AFBEE}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{83294C1F-F4BA-41B9-8C5C-FEABB7C54CF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{85B776EB-E0E5-463C-A0AE-5109506F4E98}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8E64FB90-6578-44F4-AE8A-9FB639118C41}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{946900B6-5955-4B3A-B983-3B684B3DA699}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
    "{99CD7EDC-1DB8-4EE1-A038-81CD0998ABE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9E83DD66-1472-4C2B-A471-D1D2B9F626B5}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
    "{A1B9E271-F9E9-45DF-B0EC-429EF6DD58DB}" = protocol=17 | dir=in | app=c:\users\mateja\appdata\local\akamai\netsession_win.exe |
    "{A202F250-6270-4DDD-B25D-B84C5503BECB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{A7FBB667-5619-469C-8BA2-B64C7C2AD6EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{B2449CAD-522A-4A0F-ACAA-323E1752A32B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{B2B57C50-0A69-4F99-A21D-1924841651FA}" = protocol=6 | dir=in | app=c:\users\mateja\appdata\local\akamai\netsession_win.exe |
    "{B2E2EB96-B023-4457-864B-913EC8292A5E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{B60E7015-6035-41CB-9665-43B78E051361}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{B94FC9E9-DD07-4824-86CF-9D2907A7B81D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BC67B913-85B1-44E4-A533-ED7E1FD66422}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{BEC04389-443D-4A26-AFB8-3D597A398547}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D2ADEE22-0271-47E0-982D-B5C4BC27043A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{E19E3549-9946-4648-B09B-751154003477}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{E31585D8-8300-415A-9B91-7958812DDEE0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{E473A1EA-837E-47BE-A6FA-F3B319E04957}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{EBF4781E-CCE6-4375-A56F-FA0591398C39}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{EE7531C5-0C6C-41FB-9B70-A4B18E9BEE6F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{F26FBF49-6DF7-452F-92A0-429897669D58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F522D64D-0BBF-492D-A0C9-F32271967452}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{F81765D4-79D1-4969-8B95-E011D5447931}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F87EA6FC-06F4-4C4B-A507-FCFF3C4EDA82}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
    "{F8995668-FC4A-4DFD-8D82-E2CF77CD5FE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{F89EC113-B7F6-41B5-AA80-03F009FD6772}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{F9AA3E56-CE23-480B-B227-81BE32FD52F8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{FB6D86DB-8F39-4EC7-A803-B4AE443DA77B}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{0B639AAC-FE1F-4986-8278-4851FA172F8A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{32DD3A1F-4271-4AD7-B554-A2762B2D757E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{491F48F6-F213-40C5-9DD1-D8A1EF9625BF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{6C79178B-EA0F-49E4-B087-95A542473162}C:\users\mateja\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mateja\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{790CCC12-83C4-426A-B7BF-C77C8DACE412}C:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe" = protocol=6 | dir=in | app=c:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe |
    "TCP Query User{8F6BDDF7-4C5E-4331-9E02-F5E4E6748CE8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{9B5FA1D7-5532-4D80-B809-D3D8A790538B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{AEB29DD1-8738-4328-8A02-819537CF45F1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{C4A004AF-2D55-4F70-92A1-F3480067C9B0}C:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{04A71F5E-3B46-415E-B26D-2F6C1C29DB89}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{1F7B3CCD-AA99-4545-A6E4-FEE579307379}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{3A2074F5-048A-4BDB-A771-9508CF14BEE2}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{691FDBDB-128A-4DF9-8D83-FB33427CDBAE}C:\users\mateja\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mateja\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{A47ECA15-934D-45DD-9237-08C1B3FD975C}C:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\mateja\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{B497EBB0-64AD-450B-B541-A9160047C807}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{C3B60592-6A88-4B79-AF35-022CBE0AB7D5}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{F0AD559E-664B-4F52-BD6A-C09FFAF23971}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{F1DF7A87-5245-4BB3-9F38-D00A98D4E815}C:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe" = protocol=17 | dir=in | app=c:\users\mateja\downloads\cod1\call of duty 1\call of duty\call of duty 1\codmp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1C9FE8CC-2578-41E6-AB28-3B927B055224}" = Windows Live - Pomocnik za vpis
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
    "{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Power Manager
    "{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "0134DA19E49BF25E588E062BF3AF5B52A1FB0570" = Windows Driver Package - Intel System (06/04/2009 9.1.1.1013)
    "0F85FF5427F83EBFD8D26A476513F129AA6A9BDE" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    "1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
    "30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows Driver Package - Intel (HECI) System (09/17/2009 6.0.0.1179)
    "4165529BF5F060D6DCE68D5EFB7C01F8C133A42B" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (11/09/2009 6.0.1.5977)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "563601B59417ECE6367FFC9E33EF23D1E64AA350" = Windows Driver Package - Intel System (06/04/2009 9.1.1.1013)
    "746B3FA92A51BF163E30D6121404CCC057D4C12B" = Windows Driver Package - NVIDIA (nvlddmkm) Display (09/22/2009 8.16.11.9070)
    "971CFAB99B2A1B969F4D55F9A2AAC330B2A2551C" = Windows Driver Package - Intel (e1kexpress) Net (09/23/2009 11.2.19.0)
    "A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "AVG" = AVG 2011
    "Chuzzle Deluxe" = Chuzzle Deluxe (remove only)
    "Cooking Academy 2" = Cooking Academy 2 (remove only)
    "Cooking Dash - DinerTown Studios" = Cooking Dash - DinerTown Studios (remove only)
    "D4577BB192DCD9AD7FB9C09EFCCBE8CC15ED70BF" = Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (08/11/2009 1.00.00.58)
    "Diner Dash Hometown Hero Gourmet" = Diner Dash Hometown Hero Gourmet (remove only)
    "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    "F46B861A702511B4B61AA6F81D8899BEDFE22EDD" = Windows Driver Package - Intel (Serial) Ports (09/17/2009 6.0.0.1179)
    "Go Go Gourmet - Chef of the Year" = Go Go Gourmet - Chef of the Year (remove only)
    "GTR Evolution_1.1.1.2_is1" = GTR Evolution
    "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
    "Lenovo Welcome_is1" = Lenovo Welcome
    "LUXOR Adventures Bundle" = LUXOR Adventures Bundle (remove only)
    "MouseSuite98" = Mouse Suite
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "PROSet" = Intel(R) Network Connections Drivers
    "SystemRequirementsLab" = System Requirements Lab
    "TagScanner_is1" = TagScanner 5.1.611
    "TeamViewer 6" = TeamViewer 6
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.2
    "Winamp" = Winamp
    "Zuma's Revenge - Adventure" = Zuma's Revenge - Adventure (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1043056270-1798009061-3640862498-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/15/2012 8:47:39 AM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 1/15/2012 8:48:11 AM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Program Files\Lenovo\System
    Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error - 1/16/2012 1:08:38 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error - 1/17/2012 2:34:27 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error - 1/17/2012 2:34:27 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error - 1/18/2012 1:06:35 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error - 1/18/2012 1:06:35 PM | Computer Name = Crni | Source = Microsoft-Windows-LoadPerf | ID = 3006
    Description = Unable to read the performance counter strings defined for the 024
    language ID. The first DWORD in the Data section contains the Win32 error code.

    Error - 1/18/2012 1:24:26 PM | Computer Name = Crni | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 1/18/2012 1:24:53 PM | Computer Name = Crni | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Program Files\Lenovo\System
    Update\Installer64.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ Lenovo-Message Center Plus/Admin Events ]
    Error - 11/9/2011 9:43:16 AM | Computer Name = Crni | Source = Lenovo-Message Center Plus/Admin | ID = 2
    Description = Object reference not set to an instance of an object. -> Exception
    message: Object reference not set to an instance of an object.

    [ System Events ]
    Error - 8/31/2012 5:16:29 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7011
    Description = Pri čakanju na odziv transakcije storitve Power Manager DBC Service
    je bila dosežena časovna omejitev (30000 milisekund).

    Error - 9/6/2012 2:23:01 PM | Computer Name = Crni | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:16:49 on ?31.?8.?2012 was unexpected.

    Error - 9/6/2012 2:25:31 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepričakovano prekinila. To
    je storila 1-krat.

    Error - 9/6/2012 2:33:06 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporočila neveljavno trenutno
    stanje »32«.

    Error - 9/9/2012 8:16:30 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepričakovano prekinila. To
    je storila 1-krat.

    Error - 9/9/2012 8:54:10 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporočila neveljavno trenutno
    stanje »32«.

    Error - 9/9/2012 8:58:02 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepričakovano prekinila. To
    je storila 1-krat.

    Error - 9/9/2012 9:05:17 AM | Computer Name = Crni | Source = Service Control Manager | ID = 7016
    Description = Storitev »NVIDIA Display Driver Service« je sporočila neveljavno trenutno
    stanje »32«.

    Error - 9/11/2012 12:15:38 PM | Computer Name = Crni | Source = Service Control Manager | ID = 7034
    Description = Storitev »SQL Server VSS Writer« se je nepričakovano prekinila. To
    je storila 1-krat.

    Error - 9/11/2012 12:32:20 PM | Computer Name = Crni | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.


    < End of report >

    I also ran both additional scans (Gmer and aswMBR). For these two I am sure the anti-virus was off.

    Gmer:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-11 19:49:44
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC66
    Running: u4o19d67.exe; Driver: C:\Users\Mateja\AppData\Local\Temp\pgddqpod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 832955D9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832BA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\Drivers\spyb.sys Navedene poti ni mogoče najti. !
    PAGE ataport.SYS!DllUnload + 1 8B683AD7 4 Bytes JMP 8590E1D9
    .text USBPORT.SYS!DllUnload 919B2CA0 5 Bytes JMP 871B44E0
    .text a9dm9a8n.SYS 92C0C000 12 Bytes [44, 08, 22, 83, EE, 06, 22, ...] {INC ESP; OR [EDX], AH; SUB ESI, 0x6; AND AL, [EBX-0x7cde1860]}
    .text a9dm9a8n.SYS 92C0C00D 9 Bytes [E7, 21, 83, 48, 0B, 22, 83, ...] {OUT 0x21, EAX; OR DWORD [EAX+0xb], 0x22; ADD DWORD [EAX], 0x0}
    .text a9dm9a8n.SYS 92C0C017 20 Bytes [00, DE, D7, 5A, 8B, E6, D5, ...]
    .text a9dm9a8n.SYS 92C0C02C 64 Bytes [00, 00, 00, 00, 00, 02, 29, ...]
    .text a9dm9a8n.SYS 92C0C06D 84 Bytes [1B, 29, 83, 38, 8E, 2B, 83, ...]
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B4B1042] \SystemRoot\System32\Drivers\spyb.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B4B16D6] \SystemRoot\System32\Drivers\spyb.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B4B1800] \SystemRoot\System32\Drivers\spyb.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B4B113E] \SystemRoot\System32\Drivers\spyb.sys
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT \SystemRoot\System32\Drivers\a9dm9a8n.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\rundll32.exe[3760] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3760] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3760] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3760] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3784] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3784] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3784] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3784] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5028] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5028] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5028] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5028] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5028] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\System Update\SUService.exe[5028] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F75E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 859151F8
    Device \Driver\volmgr \Device\VolMgrControl 859101F8
    Device \Driver\sptd \Device\1248631298 spyb.sys
    Device \Driver\usbehci \Device\USBPDO-0 86F5A500
    Device \Driver\usbehci \Device\USBPDO-1 86F5A500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{855473E8-93B9-43B6-9FAC-A0960DFCD68C} 86DEA1F8
    Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\PCI_PNP9296 \Device\00000061 spyb.sys

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\volmgr \Device\HarddiskVolume1 859101F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume2 859101F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 86D2D1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 859121F8
    Device \Driver\atapi \Device\Ide\IdePort0 859121F8
    Device \Driver\atapi \Device\Ide\IdePort1 859121F8
    Device \Driver\atapi \Device\Ide\IdePort2 859121F8
    Device \Driver\atapi \Device\Ide\IdePort3 859121F8
    Device \Driver\atapi \Device\Ide\IdePort4 859121F8
    Device \Driver\atapi \Device\Ide\IdePort5 859121F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 859121F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 859131F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 859131F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel2 859131F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel3 859131F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel4 859131F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 859131F8
    Device \Driver\volmgr \Device\HarddiskVolume3 859101F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\NetBT \Device\NetBt_Wins_Export 86DEA1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{8662691B-B9BB-4C7C-B0F1-3740E3A0FF48} 86DEA1F8

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{DA9B9595-B03A-4992-A6B2-51820DAAA7E5} 86DEA1F8
    Device \Driver\usbehci \Device\USBFDO-0 86F5A500
    Device \Driver\usbehci \Device\USBFDO-1 86F5A500
    Device \Driver\a9dm9a8n \Device\Scsi\a9dm9a8n1 87061500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0xA2 0x37 0xF9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0xE4 0x50 0xB2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xB4 0x9B 0x43 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEE 0xB9 0x8E 0x98 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD5 0xA2 0x37 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x25 0xE4 0x50 0xB2 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2E 0xB4 0x9B 0x43 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEE 0xB9 0x8E 0x98 ...

    ---- EOF - GMER 1.0.15 ----

    aswMBR:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-11 19:50:22
    -----------------------------
    19:50:22.400 OS Version: Windows 6.1.7600
    19:50:22.400 Number of processors: 4 586 0x1E05
    19:50:22.400 ComputerName: CRNI UserName:
    19:50:24.490 Initialize success
    19:59:40.284 AVAST engine defs: 12091100
    20:00:43.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:00:43.371 Disk 0 Vendor: ST3500418AS CC66 Size: 476940MB BusType: 11
    20:00:43.449 Disk 0 MBR read successfully
    20:00:43.449 Disk 0 MBR scan
    20:00:43.464 Disk 0 unknown MBR code
    20:00:43.464 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
    20:00:43.558 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465736 MB offset 2459648
    20:00:43.651 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10006 MB offset 956291072
    20:00:43.683 Disk 0 scanning sectors +976784130
    20:00:44.073 Disk 0 scanning C:\Windows\system32\drivers
    20:03:00.308 Service scanning
    20:03:12.413 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    20:03:18.061 Modules scanning
    20:05:11.410 Disk 0 trace - called modules:
    20:05:11.457 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x859121f8]<<
    20:05:11.473 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86883030]
    20:05:11.473 3 CLASSPNP.SYS[8bc9759e] -> nt!IofCallDriver -> [0x86734c10]
    20:05:11.473 5 ACPI.sys[8b3ad3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86681030]
    20:05:11.473 \Driver\atapi[0x8667b710] -> IRP_MJ_CREATE -> 0x859121f8
    20:05:13.220 AVAST engine scan C:\Windows
    20:07:20.298 AVAST engine scan C:\Windows\system32
    20:12:53.156 AVAST engine scan C:\Windows\system32\drivers
    20:13:15.089 AVAST engine scan C:\Users\Mateja
    21:15:38.019 Disk 0 MBR has been saved successfully to "C:\Users\Mateja\Desktop\MBR.dat"
    21:15:38.019 The log file has been saved successfully to "C:\Users\Mateja\Desktop\aswMBR.txt"
    21:51:41.475 AVAST engine scan C:\ProgramData
    22:34:41.345 Scan finished successfully
    22:56:44.749 Disk 0 MBR has been saved successfully to "C:\Users\Mateja\Desktop\MBR.dat"
    22:56:44.764 The log file has been saved successfully to "C:\Users\Mateja\Desktop\aswMBR.txt"

    With these results one line was coloured in yellow (20:03:12.413) and two in red (20:05:11.457 and 20:05:11.473 \driver...).

    There may be some sentences in Slovenian as my OS is in that language. If you need a translation of anything, just let me know.
    So, that's it. Thank you!

    G.

  4. #4
    Regular
    Registered since
    20.07.2012
    Posts
    24
    The system does look infected, but unfortunately for you, and I, the logs also show the entries that indicate this system has been used to run an illegal copy of Adobe CS software. As the Hilfe-Forum der Anti-Botnet-Experten rules state no assistance when illegal software use shows, I cannot assist you here. Best I might suggest is to reformat your drive and reinstall Windows to remove any malware. I will need to close this request at this time.

  5. #5
    Regular
    Registered since
    20.07.2012
    Posts
    24
    I have just become aware that the policy I am applying here is not "written in stone". Which is good, as I am only here to enjoy helping others. If you get this new post via email notification, all I asked is that you uninstall any illegal software you have installed, reboot, and then I can help you make things right. Let me know if you would still like my assistance. Thanks.

  6. #6
    Beginner
    Registered since
    31.08.2012
    Posts
    7
    Hi,
    Thanks for reopening the topic. As I wrote earlier, I already uninstalled the Adobe software, before running the second scan. I do not see it anymore in my Programs list. However, I just checked my Program Files and some folders are left there, but all of them are either empty or contain "desktop.ini" file. Maybe that shows in the logs? Is there really no difference between my first and my second scan (before and after the uninstall), that makes you see the software is uninstalled? Or do I need to run all the scans again?

    Please, let me know how to proceed.
    G.

  7. #7
    Regular
    Registered since
    20.07.2012
    Posts
    24
    I expect you have removed any illegal software you are aware of, so the emphasis now is on malware removal. But some changes to be made before that. You have Daemon Tools installed, which are those references you mentioned in the aswMBR log, but you also have two antivirus programs installed, which will have damaged each other, and system functions.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Download DeFogger to your desktop.

    Double click DeFogger to run the tool.

    Click the Disable button to disable your CD Emulation drivers, then click Yes to continue.

    When the 'Finished!' message appears just click OK.

    DeFogger will now ask to reboot the machine - click OK.

    DeFogger will create a defogger_disable log on your desktop - post this in your next reply please.

    Note: Do not re-enable these drivers until otherwise instructed.

    --------

    Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

    AVG 2011

    Be sure to have it remove everything - it tries to get you to keep its search hijacker toolbar.

    -----------

    Reboot, then uninstall Norton Internet Security. Be sure to save any key/registration info so you can reinstall it, should you choose to.

    Reboot again.

    -----------

    Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

    In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
    When the scan completes it will create a log file on your C drive.

    Similar in name to this:

    C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

    Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

    Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

  8. #8
    Beginner
    Registered since
    31.08.2012
    Posts
    7
    The DeFogger log:
    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 19:57 on 26/09/2012 (Mateja)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...
    Unable to read sptd.sys
    SPTD -> Disabled (Service running -> reboot required)


    -=E.O.F=-



    I uninstalled the AVG and rebooted the computer.

    I did not uninstall Norton as it was not installed. I think there might be some files pre-installed on the computer when I purchased it already. I did however delete two Norton folders I found in Program Data.

    I ran the TDSSKiller. It found one threat, but proposed to Skip it, so that is what I did. The log:
    20:13:48.0468 3936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:13:50.0470 3936 ============================================================
    20:13:50.0470 3936 Current date / time: 2012/09/26 20:13:50.0470
    20:13:50.0470 3936 SystemInfo:
    20:13:50.0470 3936
    20:13:50.0470 3936 OS Version: 6.1.7600 ServicePack: 0.0
    20:13:50.0470 3936 Product type: Workstation
    20:13:50.0470 3936 ComputerName: CRNI
    20:13:50.0470 3936 UserName: Mateja
    20:13:50.0470 3936 Windows directory: C:\Windows
    20:13:50.0471 3936 System windows directory: C:\Windows
    20:13:50.0471 3936 Processor architecture: Intel x86
    20:13:50.0471 3936 Number of processors: 4
    20:13:50.0471 3936 Page size: 0x1000
    20:13:50.0471 3936 Boot type: Normal boot
    20:13:50.0471 3936 ============================================================
    20:13:52.0715 3936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:13:52.0716 3936 ============================================================
    20:13:52.0716 3936 \Device\Harddisk0\DR0:
    20:13:52.0716 3936 MBR partitions:
    20:13:52.0716 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
    20:13:52.0716 3936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA453C
    20:13:52.0716 3936 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x138B302
    20:13:52.0716 3936 ============================================================
    20:13:52.0734 3936 C: <-> \Device\Harddisk0\DR0\Partition2
    20:13:52.0772 3936 Q: <-> \Device\Harddisk0\DR0\Partition3
    20:13:52.0772 3936 ============================================================
    20:13:52.0772 3936 Initialize success
    20:13:52.0772 3936 ============================================================
    20:15:34.0406 0400 ============================================================
    20:15:34.0406 0400 Scan started
    20:15:34.0406 0400 Mode: Manual;
    20:15:34.0406 0400 ============================================================
    20:15:36.0634 0400 ================ Scan system memory ========================
    20:15:36.0634 0400 System memory - ok
    20:15:36.0635 0400 ================ Scan services =============================
    20:15:36.0741 0400 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    20:15:36.0741 0400 1394ohci - ok
    20:15:36.0756 0400 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    20:15:36.0772 0400 ACPI - ok
    20:15:36.0790 0400 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    20:15:36.0792 0400 AcpiPmi - ok
    20:15:36.0808 0400 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:15:36.0817 0400 adp94xx - ok
    20:15:36.0830 0400 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:15:36.0835 0400 adpahci - ok
    20:15:36.0847 0400 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:15:36.0850 0400 adpu320 - ok
    20:15:36.0868 0400 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:15:36.0869 0400 AeLookupSvc - ok
    20:15:36.0905 0400 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
    20:15:36.0910 0400 AFD - ok
    20:15:36.0929 0400 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    20:15:36.0931 0400 agp440 - ok
    20:15:36.0946 0400 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    20:15:36.0948 0400 aic78xx - ok
    20:15:37.0112 0400 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
    20:15:37.0112 0400 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
    20:15:37.0119 0400 Akamai ( HiddenFile.Multi.Generic ) - warning
    20:15:37.0119 0400 Akamai - detected HiddenFile.Multi.Generic (1)
    20:15:37.0155 0400 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
    20:15:37.0157 0400 ALG - ok
    20:15:37.0181 0400 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    20:15:37.0183 0400 aliide - ok
    20:15:37.0212 0400 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
    20:15:37.0214 0400 amdagp - ok
    20:15:37.0225 0400 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    20:15:37.0227 0400 amdide - ok
    20:15:37.0242 0400 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:15:37.0244 0400 AmdK8 - ok
    20:15:37.0256 0400 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:15:37.0258 0400 AmdPPM - ok
    20:15:37.0274 0400 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    20:15:37.0276 0400 amdsata - ok
    20:15:37.0290 0400 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:15:37.0293 0400 amdsbs - ok
    20:15:37.0305 0400 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    20:15:37.0305 0400 amdxata - ok
    20:15:37.0312 0400 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
    20:15:37.0314 0400 AppID - ok
    20:15:37.0335 0400 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:15:37.0336 0400 AppIDSvc - ok
    20:15:37.0346 0400 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
    20:15:37.0348 0400 Appinfo - ok
    20:15:37.0431 0400 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:15:37.0434 0400 Apple Mobile Device - ok
    20:15:37.0457 0400 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
    20:15:37.0460 0400 AppMgmt - ok
    20:15:37.0479 0400 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:15:37.0482 0400 arc - ok
    20:15:37.0495 0400 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:15:37.0498 0400 arcsas - ok
    20:15:37.0507 0400 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:15:37.0508 0400 AsyncMac - ok
    20:15:37.0523 0400 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    20:15:37.0523 0400 atapi - ok
    20:15:37.0572 0400 [ 465293FD9F2E31A18C5B64A7A578D601 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys
    20:15:37.0587 0400 athrusb - ok
    20:15:37.0621 0400 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:15:37.0629 0400 AudioEndpointBuilder - ok
    20:15:37.0639 0400 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
    20:15:37.0644 0400 Audiosrv - ok
    20:15:37.0685 0400 AVG Security Toolbar Service - ok
    20:15:37.0704 0400 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:15:37.0706 0400 AxInstSV - ok
    20:15:37.0735 0400 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
    20:15:37.0743 0400 b06bdrv - ok
    20:15:37.0768 0400 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
    20:15:37.0772 0400 b57nd60x - ok
    20:15:37.0795 0400 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:15:37.0795 0400 BDESVC - ok
    20:15:37.0811 0400 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:15:37.0811 0400 Beep - ok
    20:15:37.0826 0400 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
    20:15:37.0848 0400 BFE - ok
    20:15:37.0876 0400 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
    20:15:37.0889 0400 BITS - ok
    20:15:37.0903 0400 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:15:37.0905 0400 blbdrive - ok
    20:15:37.0981 0400 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:15:37.0986 0400 Bonjour Service - ok
    20:15:38.0027 0400 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:15:38.0029 0400 bowser - ok
    20:15:38.0037 0400 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:15:38.0038 0400 BrFiltLo - ok
    20:15:38.0047 0400 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:15:38.0049 0400 BrFiltUp - ok
    20:15:38.0070 0400 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
    20:15:38.0073 0400 Browser - ok
    20:15:38.0092 0400 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:15:38.0098 0400 Brserid - ok
    20:15:38.0110 0400 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:15:38.0113 0400 BrSerWdm - ok
    20:15:38.0124 0400 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:15:38.0127 0400 BrUsbMdm - ok
    20:15:38.0137 0400 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:15:38.0139 0400 BrUsbSer - ok
    20:15:38.0163 0400 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
    20:15:38.0165 0400 BthEnum - ok
    20:15:38.0179 0400 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:15:38.0181 0400 BTHMODEM - ok
    20:15:38.0193 0400 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    20:15:38.0196 0400 BthPan - ok
    20:15:38.0210 0400 [ 4A34888E13224678DD062466AFEC4240 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    20:15:38.0217 0400 BTHPORT - ok
    20:15:38.0247 0400 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
    20:15:38.0249 0400 bthserv - ok
    20:15:38.0264 0400 [ FA04C63916FA221DBB91FCE153D07A55 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    20:15:38.0267 0400 BTHUSB - ok
    20:15:38.0277 0400 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:15:38.0279 0400 cdfs - ok
    20:15:38.0295 0400 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:15:38.0297 0400 cdrom - ok
    20:15:38.0310 0400 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
    20:15:38.0312 0400 CertPropSvc - ok
    20:15:38.0326 0400 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:15:38.0328 0400 circlass - ok
    20:15:38.0343 0400 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
    20:15:38.0347 0400 CLFS - ok
    20:15:38.0385 0400 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:15:38.0388 0400 clr_optimization_v2.0.50727_32 - ok
    20:15:38.0402 0400 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:15:38.0404 0400 CmBatt - ok
    20:15:38.0417 0400 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    20:15:38.0419 0400 cmdide - ok
    20:15:38.0450 0400 [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG C:\Windows\system32\Drivers\cng.sys
    20:15:38.0455 0400 CNG - ok
    20:15:38.0469 0400 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:15:38.0470 0400 Compbatt - ok
    20:15:38.0494 0400 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    20:15:38.0496 0400 CompositeBus - ok
    20:15:38.0500 0400 COMSysApp - ok
    20:15:38.0513 0400 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:15:38.0514 0400 crcdisk - ok
    20:15:38.0548 0400 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:15:38.0550 0400 CryptSvc - ok
    20:15:38.0567 0400 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
    20:15:38.0573 0400 CSC - ok
    20:15:38.0590 0400 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
    20:15:38.0599 0400 CscService - ok
    20:15:38.0626 0400 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:15:38.0634 0400 DcomLaunch - ok
    20:15:38.0652 0400 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
    20:15:38.0656 0400 defragsvc - ok
    20:15:38.0683 0400 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:15:38.0685 0400 DfsC - ok
    20:15:38.0715 0400 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:15:38.0719 0400 Dhcp - ok
    20:15:38.0746 0400 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
    20:15:38.0747 0400 discache - ok
    20:15:38.0769 0400 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:15:38.0770 0400 Disk - ok
    20:15:38.0803 0400 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:15:38.0806 0400 Dnscache - ok
    20:15:38.0816 0400 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:15:38.0820 0400 dot3svc - ok
    20:15:38.0834 0400 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
    20:15:38.0836 0400 DPS - ok
    20:15:38.0852 0400 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:15:38.0852 0400 drmkaud - ok
    20:15:38.0883 0400 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:15:38.0898 0400 DXGKrnl - ok
    20:15:38.0927 0400 [ BFD58DE8912EAB4F9995A8ADD08BC51C ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
    20:15:38.0929 0400 e1kexpress - ok
    20:15:38.0948 0400 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    20:15:38.0952 0400 EapHost - ok
    20:15:39.0025 0400 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    20:15:39.0101 0400 ebdrv - ok
    20:15:39.0133 0400 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
    20:15:39.0135 0400 EFS - ok
    20:15:39.0182 0400 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:15:39.0191 0400 ehRecvr - ok
    20:15:39.0203 0400 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    20:15:39.0205 0400 ehSched - ok
    20:15:39.0222 0400 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:15:39.0229 0400 elxstor - ok
    20:15:39.0236 0400 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    20:15:39.0237 0400 ErrDev - ok
    20:15:39.0258 0400 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    20:15:39.0262 0400 EventSystem - ok
    20:15:39.0288 0400 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    20:15:39.0290 0400 exfat - ok
    20:15:39.0312 0400 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:15:39.0314 0400 fastfat - ok
    20:15:39.0332 0400 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
    20:15:39.0339 0400 Fax - ok
    20:15:39.0349 0400 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:15:39.0351 0400 fdc - ok
    20:15:39.0358 0400 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    20:15:39.0360 0400 fdPHost - ok
    20:15:39.0372 0400 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    20:15:39.0374 0400 FDResPub - ok
    20:15:39.0380 0400 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:15:39.0380 0400 FileInfo - ok
    20:15:39.0390 0400 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:15:39.0391 0400 Filetrace - ok
    20:15:39.0399 0400 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:15:39.0401 0400 flpydisk - ok
    20:15:39.0414 0400 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:15:39.0417 0400 FltMgr - ok
    20:15:39.0435 0400 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\Windows\system32\FntCache.dll
    20:15:39.0444 0400 FontCache - ok
    20:15:39.0478 0400 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    20:15:39.0480 0400 FontCache3.0.0.0 - ok
    20:15:39.0495 0400 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    20:15:39.0496 0400 FsDepends - ok
    20:15:39.0533 0400 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:15:39.0533 0400 Fs_Rec - ok
    20:15:39.0553 0400 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    20:15:39.0557 0400 fvevol - ok
    20:15:39.0569 0400 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:15:39.0571 0400 gagp30kx - ok
    20:15:39.0604 0400 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:15:39.0605 0400 GEARAspiWDM - ok
    20:15:39.0634 0400 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
    20:15:39.0642 0400 gpsvc - ok
    20:15:39.0653 0400 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    20:15:39.0655 0400 hcw85cir - ok
    20:15:39.0679 0400 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:15:39.0682 0400 HdAudAddService - ok
    20:15:39.0694 0400 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:15:39.0695 0400 HDAudBus - ok
    20:15:39.0705 0400 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
    20:15:39.0706 0400 HECI - ok
    20:15:39.0718 0400 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    20:15:39.0720 0400 HidBatt - ok
    20:15:39.0731 0400 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    20:15:39.0733 0400 HidBth - ok
    20:15:39.0740 0400 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    20:15:39.0742 0400 HidIr - ok
    20:15:39.0751 0400 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    20:15:39.0753 0400 hidserv - ok
    20:15:39.0760 0400 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:15:39.0761 0400 HidUsb - ok
    20:15:39.0780 0400 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:15:39.0782 0400 hkmsvc - ok
    20:15:39.0788 0400 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    20:15:39.0791 0400 HomeGroupListener - ok
    20:15:39.0819 0400 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    20:15:39.0823 0400 HomeGroupProvider - ok
    20:15:39.0842 0400 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    20:15:39.0844 0400 HpSAMD - ok
    20:15:39.0868 0400 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:15:39.0874 0400 HTTP - ok
    20:15:39.0885 0400 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    20:15:39.0885 0400 hwpolicy - ok
    20:15:39.0907 0400 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    20:15:39.0907 0400 i8042prt - ok
    20:15:39.0923 0400 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
    20:15:39.0923 0400 iaStorV - ok
    20:15:39.0968 0400 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    20:15:39.0982 0400 idsvc - ok
    20:15:40.0070 0400 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
    20:15:40.0163 0400 igfx - ok
    20:15:40.0175 0400 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    20:15:40.0177 0400 iirsp - ok
    20:15:40.0209 0400 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
    20:15:40.0219 0400 IKEEXT - ok
    20:15:40.0300 0400 [ 64ED592EA429C24979C36CB0D42DD6C7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    20:15:40.0328 0400 IntcAzAudAddService - ok
    20:15:40.0352 0400 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    20:15:40.0353 0400 intelide - ok
    20:15:40.0363 0400 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:15:40.0364 0400 intelppm - ok
    20:15:40.0369 0400 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:15:40.0370 0400 IPBusEnum - ok
    20:15:40.0383 0400 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:15:40.0385 0400 IpFilterDriver - ok
    20:15:40.0409 0400 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    20:15:40.0413 0400 iphlpsvc - ok
    20:15:40.0422 0400 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    20:15:40.0424 0400 IPMIDRV - ok
    20:15:40.0431 0400 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    20:15:40.0433 0400 IPNAT - ok
    20:15:40.0484 0400 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:15:40.0496 0400 iPod Service - ok
    20:15:40.0519 0400 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:15:40.0520 0400 IRENUM - ok
    20:15:40.0542 0400 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    20:15:40.0543 0400 isapnp - ok
    20:15:40.0559 0400 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    20:15:40.0562 0400 iScsiPrt - ok
    20:15:40.0571 0400 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    20:15:40.0571 0400 kbdclass - ok
    20:15:40.0583 0400 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    20:15:40.0584 0400 kbdhid - ok
    20:15:40.0599 0400 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
    20:15:40.0600 0400 KeyIso - ok
    20:15:40.0627 0400 [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:15:40.0628 0400 KSecDD - ok
    20:15:40.0637 0400 [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:15:40.0640 0400 KSecPkg - ok
    20:15:40.0661 0400 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:15:40.0668 0400 KtmRm - ok
    20:15:40.0719 0400 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
    20:15:40.0724 0400 LanmanServer - ok
    20:15:40.0746 0400 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:15:40.0749 0400 LanmanWorkstation - ok
    20:15:40.0775 0400 Lavasoft Kernexplorer - ok
    20:15:40.0840 0400 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
    20:15:40.0844 0400 LBTServ - ok
    20:15:40.0858 0400 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    20:15:40.0860 0400 LHidFilt - ok
    20:15:40.0881 0400 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:15:40.0883 0400 lltdio - ok
    20:15:40.0906 0400 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:15:40.0909 0400 lltdsvc - ok
    20:15:40.0921 0400 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:15:40.0923 0400 lmhosts - ok
    20:15:40.0930 0400 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    20:15:40.0932 0400 LMouFilt - ok
    20:15:40.0978 0400 [ B10BA06B48A6B55EC395B5F9D80439B8 ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    20:15:40.0978 0400 LMS - ok
    20:15:40.0994 0400 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:15:40.0994 0400 LSI_FC - ok
    20:15:41.0021 0400 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:15:41.0023 0400 LSI_SAS - ok
    20:15:41.0036 0400 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:15:41.0038 0400 LSI_SAS2 - ok
    20:15:41.0052 0400 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:15:41.0055 0400 LSI_SCSI - ok
    20:15:41.0074 0400 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    20:15:41.0076 0400 luafv - ok
    20:15:41.0106 0400 [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
    20:15:41.0108 0400 LUsbFilt - ok
    20:15:41.0160 0400 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    20:15:41.0161 0400 LVPr2Mon - ok
    20:15:41.0199 0400 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    20:15:41.0202 0400 LVPrcSrv - ok
    20:15:41.0237 0400 [ B895839B8743E400D7C7DAE156F74E7E ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
    20:15:41.0246 0400 LVRS - ok
    20:15:41.0272 0400 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
    20:15:41.0273 0400 LVUSBSta - ok
    20:15:41.0302 0400 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:15:41.0306 0400 Mcx2Svc - ok
    20:15:41.0328 0400 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:15:41.0330 0400 megasas - ok
    20:15:41.0343 0400 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:15:41.0347 0400 MegaSR - ok
    20:15:41.0356 0400 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    20:15:41.0359 0400 MMCSS - ok
    20:15:41.0368 0400 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    20:15:41.0370 0400 Modem - ok
    20:15:41.0383 0400 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:15:41.0384 0400 monitor - ok
    20:15:41.0411 0400 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:15:41.0412 0400 mouclass - ok
    20:15:41.0417 0400 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:15:41.0418 0400 mouhid - ok
    20:15:41.0443 0400 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:15:41.0444 0400 mountmgr - ok
    20:15:41.0461 0400 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    20:15:41.0464 0400 mpio - ok
    20:15:41.0479 0400 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:15:41.0481 0400 mpsdrv - ok
    20:15:41.0508 0400 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:15:41.0517 0400 MpsSvc - ok
    20:15:41.0530 0400 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:15:41.0533 0400 MRxDAV - ok
    20:15:41.0561 0400 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:15:41.0564 0400 mrxsmb - ok
    20:15:41.0580 0400 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:15:41.0584 0400 mrxsmb10 - ok
    20:15:41.0596 0400 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:15:41.0598 0400 mrxsmb20 - ok
    20:15:41.0604 0400 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    20:15:41.0605 0400 msahci - ok
    20:15:41.0617 0400 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    20:15:41.0619 0400 msdsm - ok
    20:15:41.0634 0400 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    20:15:41.0638 0400 MSDTC - ok
    20:15:41.0655 0400 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:15:41.0656 0400 Msfs - ok
    20:15:41.0661 0400 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:15:41.0662 0400 mshidkmdf - ok
    20:15:41.0667 0400 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    20:15:41.0667 0400 msisadrv - ok
    20:15:41.0687 0400 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:15:41.0691 0400 MSiSCSI - ok
    20:15:41.0696 0400 msiserver - ok
    20:15:41.0711 0400 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:15:41.0713 0400 MSKSSRV - ok
    20:15:41.0724 0400 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:15:41.0726 0400 MSPCLOCK - ok
    20:15:41.0732 0400 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:15:41.0734 0400 MSPQM - ok
    20:15:41.0749 0400 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:15:41.0752 0400 MsRPC - ok
    20:15:41.0765 0400 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:15:41.0766 0400 mssmbios - ok
    20:15:41.0782 0400 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:15:41.0784 0400 MSTEE - ok
    20:15:41.0797 0400 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:15:41.0799 0400 MTConfig - ok
    20:15:41.0811 0400 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:15:41.0812 0400 Mup - ok
    20:15:41.0833 0400 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
    20:15:41.0840 0400 napagent - ok
    20:15:41.0857 0400 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:15:41.0861 0400 NativeWifiP - ok
    20:15:41.0881 0400 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:15:41.0891 0400 NDIS - ok
    20:15:41.0909 0400 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:15:41.0912 0400 NdisCap - ok
    20:15:41.0932 0400 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:15:41.0933 0400 NdisTapi - ok
    20:15:41.0940 0400 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:15:41.0942 0400 Ndisuio - ok
    20:15:41.0957 0400 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:15:41.0960 0400 NdisWan - ok
    20:15:41.0974 0400 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:15:41.0976 0400 NDProxy - ok
    20:15:41.0981 0400 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:15:41.0982 0400 NetBIOS - ok
    20:15:41.0997 0400 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:15:42.0000 0400 NetBT - ok
    20:15:42.0001 0400 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
    20:15:42.0001 0400 Netlogon - ok
    20:15:42.0048 0400 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    20:15:42.0064 0400 Netman - ok
    20:15:42.0077 0400 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    20:15:42.0083 0400 netprofm - ok
    20:15:42.0101 0400 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:15:42.0104 0400 NetTcpPortSharing - ok
    20:15:42.0201 0400 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
    20:15:42.0283 0400 netw5v32 - ok
    20:15:42.0299 0400 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    20:15:42.0300 0400 nfrd960 - ok
    20:15:42.0316 0400 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:15:42.0319 0400 NlaSvc - ok
    20:15:42.0333 0400 NMIndexingService - ok
    20:15:42.0375 0400 [ 48FB907B069524F2DC7BA62A0762850C ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
    20:15:42.0377 0400 nmwcd - ok
    20:15:42.0403 0400 [ 2914CEB789964141AC6E22C6BC980C42 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
    20:15:42.0405 0400 nmwcdc - ok
    20:15:42.0449 0400 [ 28D40797BCB050321FA6674B08A620C0 ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
    20:15:42.0452 0400 nmwcdnsu - ok
    20:15:42.0460 0400 [ 7804E9747BC27EDDC6A8382BBF35CF25 ] nmwcdnsuc C:\Windows\system32\drivers\nmwcdnsuc.sys
    20:15:42.0462 0400 nmwcdnsuc - ok
    20:15:42.0472 0400 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:15:42.0473 0400 Npfs - ok
    20:15:48.0348 0400 ================ Scan global ===============================
    20:15:48.0379 0400 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
    20:15:48.0411 0400 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
    20:15:48.0421 0400 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
    20:15:48.0444 0400 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    20:15:48.0462 0400 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    20:15:48.0467 0400 [Global] - ok
    20:15:48.0467 0400 ================ Scan MBR ==================================
    20:15:48.0478 0400 [ C3C1D61778E5FF92FA3C9EEFB5D5238C ] \Device\Harddisk0\DR0
    20:15:48.0589 0400 \Device\Harddisk0\DR0 - ok
    20:15:48.0590 0400 ================ Scan VBR ==================================
    20:15:48.0592 0400 [ CD8E851C16072BE46381D44FDA90A6C6 ] \Device\Harddisk0\DR0\Partition1
    20:15:48.0594 0400 \Device\Harddisk0\DR0\Partition1 - ok
    20:15:48.0617 0400 [ 57EFF0CFD5EC258F935C57EFD5D672B2 ] \Device\Harddisk0\DR0\Partition2
    20:15:48.0619 0400 \Device\Harddisk0\DR0\Partition2 - ok
    20:15:48.0646 0400 [ C0C976F124E439D3ECEE4F642A07DF5F ] \Device\Harddisk0\DR0\Partition3
    20:15:48.0649 0400 \Device\Harddisk0\DR0\Partition3 - ok
    20:15:48.0650 0400 ============================================================
    20:15:48.0650 0400 Scan finished
    20:15:48.0650 0400 ============================================================
    20:15:48.0661 3936 Detected object count: 1
    20:15:48.0661 3936 Actual detected object count: 1
    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

  9. #9
    Regular
    Registered since
    20.07.2012
    Posts
    24
    Better to never delete folders/files until you are very sure the program is not still active - it may cripple things. We will deal with Norton as we go.

    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    20:17:20.0863 3936 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    Yes, that was a good choice you made. Let's see what we have missed.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.


    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

  10. #10
    Beginner
    Registered since
    31.08.2012
    Posts
    7
    The ComboFix log:
    ComboFix 12-09-27.03 - Mateja 27.09.2012 18:12:55.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1250.386.1060.18.3006.1804 [GMT 2:00]
    Running from: c:\users\Mateja\Downloads\Chrome\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Thumbs.db
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    Q:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-06 18:31 . 2012-09-06 18:31 -------- d-----w- c:\users\Mateja\AppData\Local\LogiShrd
    2012-08-29 11:44 . 2012-08-29 11:44 -------- d-----w- C:\_SMA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Akamai NetSession Interface"="c:\users\Mateja\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-09 7866912]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-12-09 111640]
    "Mouse Suite 98 Daemon"="c:\program files\Lenovo\Mouse Suite\ICO.EXE" [2009-11-04 98304]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-21 622592]
    "Power Manager Power Agenda"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-10-16 72256]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2011-07-30 40960]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjMxNDM2NDI3LVRCOSsyLUZMKzktRjEwTSs1LVgyMDEwKzItUUlYMSs0LUxJQys3Ny1TUDErMS1GTDEwKzEtVFVHKzMtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMzM2MTItTFNEKzItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkROKzEtVEIrMS1VMTArMS1GMTBUQisyLVNUMTBUQkYrMS1GMTBNMTJUQSsxLVZJUDEyKzEtVEwrMS1GMTBNMTJSKzE&prod=90&ver=10.0.1427" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-23 20:02 136176 ----atw- c:\users\Mateja\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 15:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    R3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
    S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004Core.job
    - c:\users\Mateja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23 20:02]
    .
    2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1043056270-1798009061-3640862498-1004UA.job
    - c:\users\Mateja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23 20:02]
    .
    2011-12-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
    .
    2012-09-11 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.si/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\Mateja\AppData\Roaming\Mozilla\Firefox\Profiles\rfmwrfe8.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba09b7265-a9b3-4f3d-80d6-6389feff1f5b%7D&mid=827c94f3b953c2161707c680c17db71e-1fd6ce85b3ccfa0cc5a4b477c3b5ffcb610695e7&ds=AVG&v=11.1.0.12&lang=us&pr=fr&d=2011-12-08%2011%3A24%3A48&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    MSConfigStartUp-Windows - c:\users\Public\Public Documents\Windows Movie Player\players.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1043056270-1798009061-3640862498-1004\Software\SecuROM\License information*]
    "datasecu"=hex:8b,66,1e,8b,ef,6d,d1,0c,f5,fa,fc,4b,77,21,f4,f6,46,cb,1f,c5,34,
    52,d5,ec,76,a8,4a,55,7c,7f,65,4e,2b,30,8d,d6,f0,2a,77,88,b7,d1,c7,b6,a6,6f,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\rundll32.exe
    c:\program files\ThinkPad\Utilities\SCHTASK.EXE
    c:\windows\system32\WerFault.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-27 18:22:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-27 16:22
    .
    Pre-Run: 198.429.941.760 bytes free
    Post-Run: 200.963.641.344 bytes free
    .
    - - End Of File - - F5EDE9EE867AE5CA5A073BDD86E6EFDF
