VIRY.CZ

Dobry den, mam windows 7 64 bit. verziu, antivirus microsoft essentials a nikdy som zatial nenasla virus, ale pocitac vzdy po zapnuti vypisuje Runtime error 216 at 025493E6. Docitala som sa, ze to moze byt trojan. Mozete mi prosim poradit ako ho najst a odstranit? Dakujem.

Zdravim.
Vitaj:
1:Stiahni na plochu podla systému 32 alebo 64 bites,Farbar Recovery Scan Tool.
http://www.bleepingcomputer.com/downloa ... scan-tool/
Pravý klík a spustiť ako správca.
2:Zafajkovať všetko aj ovládače MD5 a Addition.txt.
3:Klikni na SCAN-o chvíľku sa ti otvoria logy.
4:obsah FRST.txt a Addition.txt, logov vlož ako,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Luci (administrator) on 01-08-2013 14:35:15
Running from C:\Users\Luci\Documents\Farbar Recovery Scan Tool
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 041B
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUS) C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\Luci\Desktop\utorrent.exe
(Akamai Technologies, Inc.) C:\Users\Luci\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Akamai Technologies, Inc.) C:\Users\Luci\AppData\Local\Akamai\netsession_win.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
() C:\Users\Luci\AppData\Local\GetBooks\GetBooks.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Dropbox, Inc.) C:\Users\Luci\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Lingea s.r.o.) C:\Program Files (x86)\Lingea\Lex2002\lexicon.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [x]
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [Google Update] - C:\Users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-07] (Google Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Luci\Desktop\utorrent.exe [802136 2013-05-02] (BitTorrent Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Luci\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [GetBooks] - C:\Users\Luci\AppData\Local\GetBooks\GetBooks.exe [509440 2013-05-15] ()
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
MountPoints2: {13ae7729-e3b9-11df-934e-806e6f6e6963} - E:\InstAll.exe
MountPoints2: {6334e708-69c5-11e0-840b-20cf302aa77b} - F:\Startme.exe
MountPoints2: {fee2718c-80af-11e0-b528-20cf302aa77b} - "G:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DivX Download Manager] - "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Luci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luci\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.net?appid=1157
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3072253
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... f06d8ce164
SearchScopes: HKCU - {4B8C28A7-A9BC-45F8-990D-21499EED643C} URL = http://www.questscan.com/?prt=QstscanPB ... earchTerms}
SearchScopes: HKCU - {65DCECE6-824B-4CCE-8A79-15A9AB21DEA6} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3072253
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default
FF user.js: detected! => C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\user.js
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Luci\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Luci\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Users\Luci\AppData\Roaming\Mozilla\Extensions\MediaCoder
FF Extension: No Name - C:\Users\Luci\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [ClickPotatoLite@ClickPotatoLite.com] C:\Program Files (x86)\ClickPotatoLite\bin\11.0.19.0\firefox\extensions
FF Extension: ClickPotatoLite Component - C:\Program Files (x86)\ClickPotatoLite\bin\11.0.19.0\firefox\extensions

Chrome:
=======
CHR HomePage: hxxp://search.imesh.net?appid=1157
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Luci\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Luci\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Luci\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX OVS Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Luci\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (Gmail) - C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Luci\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Luci\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Luci\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Luci\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Luci\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-01] (DT Soft Ltd)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] ()
S3 ipswuio; System32\DRIVERS\ipswuio.sys [x]
U3 tmlwf;
U3 tmwfp;

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AsDsm.sys 88FBC8BEBFD38566235EAA5E4DBC4E05
C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys A5E770426D18F8EF332A593F3289DA91
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 400582B09E0BB557D0EC28A945150EEB
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ETD.sys 1299D1EA00B7A4BF69C5869DCA31E0F6
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 7D66EBDE8B7F9B4E00BEEFEEE82670D4
C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 7D66EBDE8B7F9B4E00BEEFEEE82670D4
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys EF75C94792187A143871FBB87611B0B7
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys FC1D590039EF06A381768710E6C07E75
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 8FB3C853E886E1E4D57271672486111C
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys 617D98D19C636AEE80876938796E90B0
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\System32\DRIVERS\nvsmu.sys E58D81FB8616D0CB55C1E36AA0B213C9
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\DRIVERS\nvstor64.sys 1978DD2EE567287D040B5A9468ECEB72
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys F65F171165FBB613F7AA3CC78E8CAB42
C:\Windows\System32\DRIVERS\s1018bus.sys 301FBA4594FB5C0A469299A65106B4AA
C:\Windows\System32\DRIVERS\s1018mdfl.sys D1D7C744F79710357E60FC04D125ED01
C:\Windows\System32\DRIVERS\s1018mdm.sys 7DBE12CCCD837D4266B2DDD80A329C09
C:\Windows\System32\DRIVERS\s1018mgmt.sys 065FF5E62D2D18A6D93FD925546CD549
C:\Windows\System32\DRIVERS\s1018nd5.sys 5101D815BDF0D667E3D5F0EA727CAAEE
C:\Windows\System32\DRIVERS\s1018obex.sys 13F220C65B444AC9BDA49DACFC3230BB
C:\Windows\System32\DRIVERS\s1018unic.sys CE7D8BCE80211D8A35F6BD7A87791860
C:\Windows\System32\DRIVERS\s1039bus.sys 0031DD0C5D4446DA0A3E02617DC6D642
C:\Windows\System32\DRIVERS\s1039mdfl.sys 98C7DBE2290D8CB0235E9528F6A1A53D
C:\Windows\System32\DRIVERS\s1039mdm.sys 7EF052A067D862ECD2A2335914611074
C:\Windows\System32\DRIVERS\s1039mgmt.sys BCC3F31F1FE1E78A5BA2CD6A0E44BA64
C:\Windows\System32\DRIVERS\s1039nd5.sys A0CF11BFFA41176CCD54E701CEB68921
C:\Windows\System32\DRIVERS\s1039obex.sys BD2DA968C5DCEF51BA8014FBAC7A0B6A
C:\Windows\System32\DRIVERS\s1039unic.sys 96B4051B65C1974258A8A33A03C0B082
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snp2uvc.sys F06A6DE8438F7446BFF9E61F31356521
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 14:34 - 2013-08-01 14:34 - 00000000 ____D C:\FRST
2013-08-01 14:33 - 2013-08-01 14:34 - 00000000 ____D C:\Users\Luci\Documents\Farbar Recovery Scan Tool
2013-07-29 22:45 - 2013-07-29 22:46 - 423392764 _____ C:\Users\Luci\Documents\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.tmp
2013-07-29 22:45 - 2013-07-29 22:45 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-29 22:30 - 2013-07-29 22:30 - 00000000 ____D C:\Users\Luci\AppData\Roaming\Canneverbe Limited
2013-07-29 22:30 - 2013-07-29 22:30 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-07-29 22:30 - 2013-07-29 22:30 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-07-22 22:16 - 2013-08-01 11:23 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-07-22 11:04 - 2013-07-22 11:03 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-22 11:04 - 2013-07-22 11:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-22 11:04 - 2013-07-22 11:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-22 11:04 - 2013-07-22 11:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-22 11:03 - 2013-07-22 11:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 22:48 - 2013-07-20 22:52 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 09:31 - 2013-07-13 09:33 - 00000000 ____D C:\Users\Luci\Documents\Knihy oblubene
2013-07-13 09:28 - 2013-07-13 09:28 - 00000000 ____D C:\Users\Luci\Documents\Serialy
2013-07-13 09:20 - 2013-07-13 09:26 - 00000000 ____D C:\Users\Luci\Documents\Metodka bilingval
2013-07-11 22:50 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:50 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 22:50 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:50 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:50 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 22:50 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:50 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:50 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:50 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:50 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:50 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:50 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:50 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:50 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:50 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:50 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:50 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:50 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:50 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 22:50 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 22:50 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:50 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 13:09 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 13:09 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 13:09 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 13:09 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 13:09 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 13:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 13:08 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 19:06 - 2013-07-19 15:20 - 00000000 ____D C:\Users\Luci\Documents\UK
2013-07-10 10:01 - 2013-07-15 14:19 - 00000000 ____D C:\Users\Luci\Documents\Nitra

==================== One Month Modified Files and Folders =======

2013-08-01 14:34 - 2013-08-01 14:34 - 00000000 ____D C:\FRST
2013-08-01 14:34 - 2013-08-01 14:33 - 00000000 ____D C:\Users\Luci\Documents\Farbar Recovery Scan Tool
2013-08-01 14:20 - 2013-04-17 21:06 - 00018606 _____ C:\Windows\setupact.log
2013-08-01 14:03 - 2010-11-07 18:33 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000UA.job
2013-08-01 11:34 - 2010-10-30 02:06 - 02013226 _____ C:\Windows\WindowsUpdate.log
2013-08-01 11:29 - 2009-07-14 06:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 11:29 - 2009-07-14 06:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 11:24 - 2011-02-11 13:36 - 00000000 ____D C:\Users\Luci\AppData\Roaming\Dropbox
2013-08-01 11:23 - 2013-07-22 22:16 - 00003166 _____ C:\Windows\System32\Tasks\P4GIntlCtrl
2013-08-01 11:23 - 2011-02-11 13:40 - 00000000 ___RD C:\Users\Luci\Dropbox
2013-08-01 11:22 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 17:54 - 2010-12-11 13:38 - 00000496 ____H C:\Windows\Tasks\Norton Security Scan for Luci.job
2013-07-31 16:12 - 2009-07-14 07:13 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 10:03 - 2010-11-07 18:33 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000Core.job
2013-07-29 22:46 - 2013-07-29 22:45 - 423392764 _____ C:\Users\Luci\Documents\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.tmp
2013-07-29 22:45 - 2013-07-29 22:45 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-29 22:30 - 2013-07-29 22:30 - 00000000 ____D C:\Users\Luci\AppData\Roaming\Canneverbe Limited
2013-07-29 22:30 - 2013-07-29 22:30 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2013-07-29 22:30 - 2013-07-29 22:30 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-07-29 10:24 - 2010-11-13 15:24 - 00000000 ____D C:\Users\Luci\AppData\Roaming\Skype
2013-07-28 21:53 - 2011-05-07 08:17 - 00000000 ____D C:\Users\Luci\Desktop\Palo
2013-07-27 23:11 - 2010-11-13 15:03 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-23 21:42 - 2012-10-01 14:42 - 00000000 ____D C:\Users\Luci\Documents\Knihy - prekladatelstvo
2013-07-23 17:09 - 2013-04-17 21:05 - 00009142 _____ C:\Windows\PFRO.log
2013-07-22 17:38 - 2011-01-25 23:00 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-22 17:16 - 2011-01-25 22:59 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-22 17:16 - 2011-01-25 22:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-22 17:09 - 2013-03-18 15:25 - 00003102 _____ C:\Windows\System32\Tasks\P4G Sidebar
2013-07-22 11:03 - 2013-07-22 11:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-22 11:03 - 2013-07-22 11:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-22 11:03 - 2013-07-22 11:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-22 11:03 - 2013-07-22 11:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-22 11:03 - 2013-07-22 11:03 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-22 11:03 - 2013-03-20 18:41 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-22 11:03 - 2011-09-21 12:58 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-22 10:58 - 2010-12-10 22:30 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-22 10:58 - 2010-12-10 22:29 - 00000000 ____D C:\ProgramData\DivX
2013-07-22 10:57 - 2010-12-10 22:34 - 00000000 ____D C:\Program Files\DivX
2013-07-21 11:42 - 2012-03-08 21:34 - 00000000 ____D C:\Users\Luci\Documents\Audio Books
2013-07-20 22:52 - 2013-07-20 22:48 - 00000000 ____D C:\Windows\system32\MRT
2013-07-19 15:20 - 2013-07-10 19:06 - 00000000 ____D C:\Users\Luci\Documents\UK
2013-07-15 14:19 - 2013-07-10 10:01 - 00000000 ____D C:\Users\Luci\Documents\Nitra
2013-07-14 11:22 - 2010-10-29 20:56 - 00001950 _____ C:\Windows\system32\AutoRunFilter.ini
2013-07-13 15:18 - 2013-06-25 19:22 - 00000000 ____D C:\Users\Luci\Documents\M.A.S.H kniha
2013-07-13 15:16 - 2010-11-13 15:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-13 15:16 - 2010-11-13 15:24 - 00000000 ____D C:\ProgramData\Skype
2013-07-13 09:58 - 2010-11-07 18:33 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000UA
2013-07-13 09:58 - 2010-11-07 18:33 - 00003514 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000Core
2013-07-13 09:33 - 2013-07-13 09:31 - 00000000 ____D C:\Users\Luci\Documents\Knihy oblubene
2013-07-13 09:29 - 2011-02-27 15:13 - 00000000 ____D C:\Users\Luci\Documents\Recepty
2013-07-13 09:28 - 2013-07-13 09:28 - 00000000 ____D C:\Users\Luci\Documents\Serialy
2013-07-13 09:27 - 2010-11-10 16:21 - 00000000 ____D C:\Users\Luci\Documents\Texty
2013-07-13 09:27 - 2010-11-10 16:17 - 00000000 ____D C:\Users\Luci\Documents\Metodka osemročné
2013-07-13 09:26 - 2013-07-13 09:20 - 00000000 ____D C:\Users\Luci\Documents\Metodka bilingval
2013-07-13 09:26 - 2011-03-09 15:51 - 00000000 ____D C:\Users\Luci\Documents\Other
2013-07-13 09:21 - 2012-12-05 18:33 - 00000000 ____D C:\Users\Luci\Documents\foto stuzkova poslat
2013-07-13 09:17 - 2011-01-02 14:53 - 00000000 ____D C:\Users\Luci\Documents\Breviar
2013-07-12 14:27 - 2009-07-14 06:45 - 00454376 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:25 - 2013-03-15 01:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 14:25 - 2013-03-15 01:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 14:25 - 2009-07-14 09:54 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 14:25 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 23:03 - 2010-10-29 21:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 10:03 - 2012-09-02 14:09 - 00037376 ___SH C:\Users\Luci\Documents\Thumbs.db
2013-07-08 21:27 - 2011-05-28 20:32 - 00000000 ____D C:\Users\Luci\Documents\Maťa

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale sk-SK
inherit {globalsettings}
default {current}
resumeobject {63635620-e3c1-11df-b35e-d8f166b986be}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale sk-SK
inherit {bootloadersettings}
recoverysequence {63635622-e3c1-11df-b35e-d8f166b986be}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {63635620-e3c1-11df-b35e-d8f166b986be}
nx OptIn

Windows Boot Loader
-------------------
identifier {63635622-e3c1-11df-b35e-d8f166b986be}
device ramdisk=[C:]\Recovery\63635622-e3c1-11df-b35e-d8f166b986be\Winre.wim,{63635623-e3c1-11df-b35e-d8f166b986be}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\63635622-e3c1-11df-b35e-d8f166b986be\Winre.wim,{63635623-e3c1-11df-b35e-d8f166b986be}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {63635620-e3c1-11df-b35e-d8f166b986be}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale sk-SK
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale sk-SK
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {63635623-e3c1-11df-b35e-d8f166b986be}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\63635622-e3c1-11df-b35e-d8f166b986be\boot.sdi



LastRegBack: 2013-07-23 10:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by Luci at 2013-08-01 14:36:44
Running from C:\Users\Luci\Documents\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


µTorrent (x32 Version: 3.1.3)
ACD/Labs Software in C:\ACDFREE12\ (x32 Version: v12.00, FREE)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 Plugin (x32 Version: 10.3.183.90)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader XI (11.0.03) - Czech (x32 Version: 11.0.03)
Advanced SystemCare 6 (x32 Version: 6.1)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482)
ASUS AI Recovery (x32 Version: 1.0.6)
ASUS Data Security Manager (x32 Version: 1.00.0013)
ASUS FancyStart (x32 Version: 1.0.6)
ASUS LifeFrame3 (x32 Version: 3.0.20)
ASUS Live Update (x32 Version: 2.5.9)
ASUS MultiFrame (x32 Version: 1.0.0019)
ASUS Power4Gear Hybrid (Version: 1.1.24)
ASUS SmartLogon (x32 Version: 1.0.0007)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0028)
ASUS Virtual Camera (x32 Version: 1.0.18)
ASUS_Screensaver (x32)
ATK Generic Function Service (x32 Version: 1.00.0008)
ATK Hotkey (x32 Version: 1.0.0052)
ATK Media (x32 Version: 2.0.0006)
ATKOSD2 (x32 Version: 7.0.0006)
CDBurnerXP (x32 Version: 4.5.2.4214)
ControlDeck (x32 Version: 1.0.3)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.1.0236)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
ETDWare PS/2-x64 7.0.5.7_WHQL
Fast Boot (Version: 1.0.4)
File Type Assistant (x32)
Google Chrome (HKCU Version: 28.0.1500.95)
ID3 Tag Editor 1.0 (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lingea Lexicon 2002 (x32)
McAfee Security Scan Plus (x32 Version: 2.0.189.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware Service SK-SK Language Pack (Version: 2.1.6805.0)
Microsoft Antimalware Service SK-SK Language Pack (Version: 3.0.8107.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - Slovak/Slovenčina (x32 Version: 14.0.7015.1000)
Microsoft Office O MUI (Slovak) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Slovak) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (Slovak) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (Slovak) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client SK-SK Language Pack (Version: 2.0.0657.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 sk) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NB Probe (x32)
Net4Switch (x32 Version: 1.00.0019)
Norton Security Scan (x32 Version: 2.7.3.34)
NVIDIA Drivers (Version: 1.10)
Realtek Ethernet Controller Driver (x32 Version: 1.00.0008)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5938)
S USB2.0 UVC VGA WebCam (Version: 5.8.53120.203)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32)
Skype Click to Call (x32 Version: 6.9.12585)
Skype™ 6.6 (x32 Version: 6.6.106)
Sony PC Companion 2.10.065 (x32 Version: 2.10.065)
SRS Premium Sound Control Panel (Version: 1.8.1200)
The KMPlayer (remove only) (x32)
Total Commander (Remove or Repair) (x32 Version: 7.56a)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinFlash (x32 Version: 2.29.0)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Wireless Console 3 (x32 Version: 3.0.12)

==================== Restore Points =========================

23-07-2013 08:29:20 Plánovaný kontrolný bod
23-07-2013 14:10:36 Removed IObit Apps Toolbar v7.2.
24-07-2013 21:41:57 Windows Update
29-07-2013 07:07:50 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B31F6E1-B2E2-4BCC-B9C8-6A20995FEA5B} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-08-11] (TODO: <Company name>)
Task: {1D48DC62-000F-4E5D-9598-74732B4C12FA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {1FBF773E-0366-4CC6-A61E-9BF8E6C8B36D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {2ABBA3DF-C6FB-4516-B484-7AD044C02743} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {400F240D-017E-49F6-B72B-3F2E65426416} - System32\Tasks\Net4Switch => C:\Program Files\ASUS\Net4Switch\Net4Switch.exe [2007-11-20] (ASUS)
Task: {4B8E687B-567C-4A9E-870D-6B0E9CAFB5BB} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {53D15EEB-66A4-48F1-96E7-E9D5F14906AE} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {64B3A0FE-4D40-48B0-8086-2576CA3B3A57} - System32\Tasks\{FACCC30A-A7BF-4DA1-B74F-595FF4DAAB92} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {66A9C07B-93F4-486F-8190-9DDDC9A83927} - System32\Tasks\Norton Security Scan for Luci => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-07] (Symantec Corporation)
Task: {78B779E2-85F9-411E-AB62-F405F5AB3CE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000Core => C:\Users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07] (Google Inc.)
Task: {8714C3D1-9E2C-4034-8B14-8FDD2305DC3E} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {A40D5A05-3C5B-4C34-AE3A-E75F8912B7CA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-03] ()
Task: {AB007912-3A61-428B-AA3E-EE06C40CB5C7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS)
Task: {B089A12F-7907-4046-8C40-7064DAAF33A4} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
Task: {B0ADE132-4AEC-46D0-B166-2A7406DCDAF5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-09-08] (ATK)
Task: {C535166E-E8E2-44CD-8E91-B4EF9FB32D7C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {DBB8EA77-E12C-4D04-9AB8-BCB0967236F2} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\ClickPotatoLite\bin\11.0.19.0\ClickPotatoLiteSA.exe No File
Task: {E958CA05-AFD6-429B-B804-DD14E24F399A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000UA => C:\Users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07] (Google Inc.)
Task: {F1DDB0A4-B824-4FA1-8A81-A49AD0419892} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-15] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000Core.job => C:\Users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000UA.job => C:\Users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Luci.job => C:\Program Files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe

==================== Faulty Device Manager Devices =============

Name: VSO Software class ...
Description: VSO Software class ...
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2013 00:37:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/01/2013 11:29:08 AM) (Source: Application Error) (User: )
Description: Názov chybovej aplikácie: GetBooks.exe, verzia: 0.0.0.0, časová značka: 0x51935c50
Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000005
Odstup chyby: 0x025493e6
Identifikácia chybného procesu: 0x398
Čas spustenia chybnej aplikácie: 0xGetBooks.exe0
Cesta chybnej aplikácie: GetBooks.exe1
Cesta chybného modulu: GetBooks.exe2
Identifikácia hlásenia: GetBooks.exe3

Error: (08/01/2013 11:23:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2013 11:23:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/31/2013 04:12:25 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/31/2013 04:12:24 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/31/2013 03:53:20 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/31/2013 03:53:20 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/31/2013 00:09:45 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/31/2013 00:09:45 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (07/31/2013 11:48:09 AM) (Source: Service Control Manager) (User: )
Description: Počas čakania na odpoveď transakcie od služby defragsvc bol dosiahnutý časový limit (30000 ms).

Error: (07/30/2013 02:25:41 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80004004-1

Error: (07/30/2013 11:22:53 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ANDY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E3DA81CD-2601-4DD9-8A91-C7ECB7E523FD}.
The master browser is stopping or an election is being forced.

Error: (07/27/2013 09:18:02 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ANDY-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E3DA81CD-2601-4DD9-8A91-C7ECB7E523FD}.
The master browser is stopping or an election is being forced.

Error: (07/26/2013 07:03:23 PM) (Source: Service Control Manager) (User: )
Description: Počas čakania na odpoveď transakcie od služby ShellHWDetection bol dosiahnutý časový limit (30000 ms).

Error: (07/23/2013 10:22:51 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/22/2013 05:28:09 PM) (Source: Microsoft Antimalware) (User: )
Description: Pri pokuse o aktualizáciu podpisov program %NT AUTHORITY60 narazil na chybu.

Nová verzia podpisu:

Predchádzajúca verzia podpisu: 1.155.448.0

Zdroj aktualizácie: %NT AUTHORITY59

Fáza aktualizácie: 4.3.0215.00

Cesta k zdroju: 4.3.0215.01

Typ podpisu: %NT AUTHORITY602

Typ aktualizácie: %NT AUTHORITY604

Používateľ: NT AUTHORITY\SYSTEM

Aktuálna verzia stroja: %NT AUTHORITY605

Predchádzajúca verzia stroja: %NT AUTHORITY606

Kód chyby: %NT AUTHORITY607

Popis chyby: %NT AUTHORITY608

Error: (07/22/2013 05:28:09 PM) (Source: Microsoft Antimalware) (User: )
Description: Pri pokuse o aktualizáciu podpisov program %NT AUTHORITY60 narazil na chybu.

Nová verzia podpisu:

Predchádzajúca verzia podpisu: 1.155.448.0

Zdroj aktualizácie: %NT AUTHORITY59

Fáza aktualizácie: 4.3.0215.00

Cesta k zdroju: 4.3.0215.01

Typ podpisu: %NT AUTHORITY602

Typ aktualizácie: %NT AUTHORITY604

Používateľ: NT AUTHORITY\SYSTEM

Aktuálna verzia stroja: %NT AUTHORITY605

Predchádzajúca verzia stroja: %NT AUTHORITY606

Kód chyby: %NT AUTHORITY607

Popis chyby: %NT AUTHORITY608

Error: (07/22/2013 05:28:09 PM) (Source: Microsoft Antimalware) (User: )
Description: Pri pokuse o aktualizáciu podpisov program %NT AUTHORITY60 narazil na chybu.

Nová verzia podpisu:

Predchádzajúca verzia podpisu: 1.155.448.0

Zdroj aktualizácie: %NT AUTHORITY59

Fáza aktualizácie: 4.3.0215.00

Cesta k zdroju: 4.3.0215.01

Typ podpisu: %NT AUTHORITY602

Typ aktualizácie: %NT AUTHORITY604

Používateľ: NT AUTHORITY\SYSTEM

Aktuálna verzia stroja: %NT AUTHORITY605

Predchádzajúca verzia stroja: %NT AUTHORITY606

Kód chyby: %NT AUTHORITY607

Popis chyby: %NT AUTHORITY608

Error: (07/22/2013 08:41:59 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================
Error: (08/01/2013 00:37:01 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/01/2013 11:29:08 AM) (Source: Application Error)(User: )
Description: GetBooks.exe0.0.0.051935c50unknown0.0.0.000000000c0000005025493e639801ce8e98b663d460C:\Users\Luci\AppData\Local\GetBooks\GetBooks.exeunknownd0a5ea60-fa8c-11e2-8701-20cf302aa77b

Error: (08/01/2013 11:23:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\P4G\MFC80U.DLL

Error: (08/01/2013 11:23:08 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\P4G\MFC80U.DLL

Error: (07/31/2013 04:12:25 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (07/31/2013 04:12:24 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (07/31/2013 03:53:20 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (07/31/2013 03:53:20 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 01B120200000000000000AF000000

Error: (07/31/2013 00:09:45 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 01B8020000002D010000

Error: (07/31/2013 00:09:45 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: 01B120200000000000000AF000000


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 4095.27 MB
Available physical RAM: 1849.46 MB
Total Pagefile: 8188.72 MB
Available Pagefile: 5635.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:270.35 GB) (Free:43.33 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:195.31 GB) (Free:8.17 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 447719A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Dakujem.

1:cez pridat/odobrat programy>>Odinstaluj program.
Rozbijaca systemu >>C:\Program Files (x86)\IObit\Advanced SystemCare 6
Tiez>>Odinstaluj program>>
Norton Security Scan (x32 Version: 2.7.3.34)

Dalej
Takto, Farbar recovery scan tool si dala sem.
C:\Users\Luci\Documents\Farbar Recovery Scan Tool
Takze stiahni aj prilohu a rozbal, fixlist.txt daj >> presne sem, vedla Farbar Recovery Scan Tool.

Spust znova ako spravca ,,Farbar Recovery Scan Tool .
Ale teraz klikni na Gombik=knoflik>>FIX
Po restarte FIXLog.txt vloz sem.

Potom pokracujeme dalej.

Vsetko som urobila, ked som pocitac restartovala ani mi nevypisal Runtime error ako predtym.
Tu je fixlog.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
Ran by Luci at 2013-08-01 16:51:22 Run:1
Running from C:\Users\Luci\Documents\Farbar Recovery Scan Tool
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GetBooks => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13ae7729-e3b9-11df-934e-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{13ae7729-e3b9-11df-934e-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6334e708-69c5-11e0-840b-20cf302aa77b} => Key deleted successfully.
HKCR\CLSID\{6334e708-69c5-11e0-840b-20cf302aa77b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fee2718c-80af-11e0-b528-20cf302aa77b} => Key deleted successfully.
HKCR\CLSID\{fee2718c-80af-11e0-b528-20cf302aa77b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value deleted successfully.
HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} => Key deleted successfully.
HKCR\CLSID\{4B8C28A7-A9BC-45F8-990D-21499EED643C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65DCECE6-824B-4CCE-8A79-15A9AB21DEA6} => Key deleted successfully.
HKCR\CLSID\{65DCECE6-824B-4CCE-8A79-15A9AB21DEA6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
Firefox Keyword.URL deleted successfully.
C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\searchplugins\Search_Results.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com => Value deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\11.0.19.0\firefox\extensions => Moved successfully.
CHR HomePage: hxxp://search.imesh.net?appid=1157 ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc => Key deleted successfully.
C:\Users\Luci\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66A9C07B-93F4-486F-8190-9DDDC9A83927} => Key not found.
C:\Windows\System32\Tasks\Norton Security Scan for Luci not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for Luci => Key not found.
C:\Windows\Tasks\Norton Security Scan for Luci.job not found.
C:\Users\Luci\AppData\Local\GetBooks\GetBooks.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needs a manual reboot.

==== End of Fixlog ====

ok, ideme dalej.
1:Pouzijes program ADWCLEANER>>Spustia ako admin a stlacis gombik DELETE>>Log vloz sem>
Navod v mojom blogu:
http://www.viruskasino.com/2012/09/adwcleaner.html

2:Pouzijes program Junkwareremovaltool>>log vloz sem>
http://www.viruskasino.com/2010/12/prog ... moval-tool

3:Stiahni na plochu OTL
http://oldtimer.geekstogo.com/OTL.exe
spust>ako admin>.zafajkni 64-bites, a allusers

do spodneho okna skopiruj tento text.
a klikni na gombik RUNFIX>.alebo OPRAVIT, log po restarte vloz sem. 4:Spustis podla navodu Combofix, a log vloz sem.
http://www.bleepingcomputer.com/combofi ... t-combofix

Vysledok 1:


# AdwCleaner v2.306 - Log vytvorený 01/08/2013 o 21:35:15
# Aktualizované 19/07/2013 Xplode
# Operaený systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživateľ : Luci - LUCI-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\Luci\Documents\Farbar Recovery Scan Tool\adwcleaner.exe
# Voľba [Vymaza?]


***** [Služby] *****


***** [Súbory / Adresáre] *****

Adresár Vymazané : C:\Program Files (x86)\clickpotatolite
Adresár Vymazané : C:\Program Files (x86)\Common Files\spigot
Adresár Vymazané : C:\Program Files (x86)\Conduit
Adresár Vymazané : C:\Program Files (x86)\Free Offers from Freeze.com
Adresár Vymazané : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Adresár Vymazané : C:\ProgramData\Babylon
Adresár Vymazané : C:\ProgramData\ClickPotatoLiteSA
Adresár Vymazané : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
Adresár Vymazané : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Adresár Vymazané : C:\Users\Luci\AppData\Local\Conduit
Adresár Vymazané : C:\Users\Luci\AppData\Local\PackageAware
Adresár Vymazané : C:\Users\Luci\AppData\Local\TempDir
Adresár Vymazané : C:\Users\Luci\AppData\LocalLow\boost_interprocess
Adresár Vymazané : C:\Users\Luci\AppData\LocalLow\Conduit
Adresár Vymazané : C:\Users\Luci\AppData\LocalLow\ShoppingReport2
Adresár Vymazané : C:\Users\Luci\AppData\Roaming\Babylon
Adresár Vymazané : C:\Users\Luci\AppData\Roaming\Media Finder
Adresár Vymazané : C:\Users\Luci\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Súbor Vymazané : C:\END
Súbor Vymazané : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Súbor Vymazané : C:\user.js
Súbor Vymazané : C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

***** [Registre] *****

Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Kľúe Vymazané : HKCU\Software\1ClickDownload
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\Search Settings
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\ShoppingReport2
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\SmartBar
Kľúe Vymazané : HKCU\Software\Conduit
Kľúe Vymazané : HKCU\Software\Imesh
Kľúe Vymazané : HKCU\Software\MediaFinder
Kľúe Vymazané : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{503E067F-2914-4EDD-8432-2D6C52635E23}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Kľúe Vymazané : HKCU\Software\Softonic
Kľúe Vymazané : HKLM\Software\Babylon
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\{D2083641-E57F-4EAB-BB85-0582424F4A29}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Kľúe Vymazané : HKLM\SOFTWARE\Classes\AppID\MenuButtonIE.DLL
Kľúe Vymazané : HKLM\SOFTWARE\Classes\MF
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Prod.cap
Kľúe Vymazané : HKLM\Software\ClickPotatoLite
Kľúe Vymazané : HKLM\Software\Conduit
Kľúe Vymazané : HKLM\Software\DataMngr
Kľúe Vymazané : HKLM\Software\Freeze.com
Kľúe Vymazané : HKLM\Software\iMeshSRTB
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{503E067F-2914-4EDD-8432-2D6C52635E23}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Kľúe Vymazané : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}

***** [Internetové prehliadaee] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registre sú eisté.

-\\ Mozilla Firefox v21.0 (sk)

Súbor : C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\prefs.js

C:\Users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\user.js ... Vymazané !

Vymazané : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Vymazané : user_pref("browser.search.defaultenginename", "Search Results");
Vymazané : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
Vymazané : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&Sea[...]
Vymazané : user_pref("browser.search.order.1", "Search Results");
Vymazané : user_pref("browser.search.selectedEngine", "Search Results");
Vymazané : user_pref("extensions.BabylonToolbar.admin", false);
Vymazané : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Vymazané : user_pref("extensions.BabylonToolbar.babExt", "");
Vymazané : user_pref("extensions.BabylonToolbar.babTrack", "affID=111015&tt=060612_6_");
Vymazané : user_pref("extensions.BabylonToolbar.bbDpng", 12);
Vymazané : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Vymazané : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Vymazané : user_pref("extensions.BabylonToolbar.hmpg", true);
Vymazané : user_pref("extensions.BabylonToolbar.id", "0cbda7cd00000000000072f06d8ce164");
Vymazané : user_pref("extensions.BabylonToolbar.instlDay", "15505");
Vymazané : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Vymazané : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111015&tt=060612[...]
Vymazané : user_pref("extensions.BabylonToolbar.lastDP", 12);
Vymazané : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:56:44");
Vymazané : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Vymazané : user_pref("extensions.BabylonToolbar.newTab", true);
Vymazané : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Vymazané : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Vymazané : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Vymazané : user_pref("extensions.BabylonToolbar.propectorlck", 109595905);
Vymazané : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Vymazané : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Vymazané : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Vymazané : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Vymazané : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Vymazané : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Vymazané : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Vymazané : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:56:44");
Vymazané : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Vymazané : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Vymazané : user_pref("extensions.BabylonToolbar_i.babExt", "");
Vymazané : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015&tt=060612_6_");
Vymazané : user_pref("extensions.BabylonToolbar_i.hardId", "0cbda7cd00000000000072f06d8ce164");
Vymazané : user_pref("extensions.BabylonToolbar_i.id", "0cbda7cd00000000000072f06d8ce164");
Vymazané : user_pref("extensions.BabylonToolbar_i.instlDay", "15505");
Vymazané : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Vymazané : user_pref("extensions.BabylonToolbar_i.newTab", false);
Vymazané : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Vymazané : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Vymazané : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Vymazané : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Vymazané : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Vymazané : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Vymazané : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:56:44");
Vymazané : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Vymazané : user_pref("extensions.newAddons", "gencrawler@some.com");

-\\ Google Chrome v28.0.1500.95

Súbor : C:\Users\Luci\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazané [l.2704] : homepage = "hxxp://search.imesh.net?appid=1157",

*************************

AdwCleaner[S1].txt - [10573 octets] - [01/08/2013 21:35:15]

########## EOF - C:\AdwCleaner[S1].txt - [10634 octets] ##########

Vysledok kroku 2:




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Luci on çt 01. 08. 2013 at 21:44:08,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-494739936-1001001966-3522898868-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{0EA356E4-7DEB-4EED-90AB-98B031B12A9F}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{1B887B1C-2EEB-4CCC-83E5-CA46BBE37B15}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{3C4C1F24-8E56-453E-897B-7C6B0263465F}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{687F752F-9A8E-46C3-8E96-A2B0454C67E8}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{A4929032-B47D-45C3-B627-438BFB651341}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{DC483AE0-402E-4E01-BB5B-0FE9AB0B2A2E}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{E1717FAE-66F8-4AEB-8ED9-2D7FE324D4D6}
Successfully deleted: [Empty Folder] C:\Users\Luci\appdata\local\{FAC1CB17-9C85-49C6-B4D7-09B723FF8309}



~~~ FireFox

Successfully deleted the following from C:\Users\Luci\AppData\Roaming\mozilla\firefox\profiles\g9rjekg0.default\prefs.js

user_pref("extensions.questscan.init", true);



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on çt 01. 08. 2013 at 21:54:33,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vysledok kroku 3:





All processes killed
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Luci\Desktop\cmd.bat deleted successfully.
C:\Users\Luci\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luci
->Temp folder emptied: 101701877 bytes
->Temporary Internet Files folder emptied: 11979542 bytes
->Java cache emptied: 31917 bytes
->FireFox cache emptied: 352384340 bytes
->Google Chrome cache emptied: 312119881 bytes
->Flash cache emptied: 22644 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133354989 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68065 bytes
RecycleBin emptied: 29000651169 bytes

Total Files Cleaned = 28 527,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 08012013_220014

Vysledok krorku 4:




ComboFix 13-08-01.01 - Luci . 08. 2013 22:20:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.2721 [GMT 2:00]
Running from: c:\users\Luci\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\0eae135315d1490691e43864a6575df8_c
c:\users\Luci\AppData\Roaming\Local
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\vvbmablsxjfc.avi.ddp
c:\users\Luci\AppData\Roaming\Local\Temp\DDM\Settings\vvbmablsxjfc.avi.ddr
c:\users\Luci\Documents\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.tmp
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-01 to 2013-08-01 )))))))))))))))))))))))))))))))
.
.
2013-08-01 20:00 . 2013-08-01 20:00 -------- d-----w- C:\_OTL
2013-08-01 19:56 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3AD25C1D-6597-4341-9F4F-58221BDF5AA0}\mpengine.dll
2013-08-01 19:44 . 2013-08-01 19:44 -------- d-----w- c:\windows\ERUNT
2013-08-01 14:48 . 2013-08-01 14:48 -------- d-----w- c:\users\Luci\AppData\Roaming\Apple Computer
2013-08-01 12:34 . 2013-08-01 14:51 -------- d-----w- C:\FRST
2013-07-31 10:00 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-29 20:45 . 2013-07-29 20:45 -------- d-----w- c:\programdata\CyberLink
2013-07-29 20:30 . 2013-07-29 20:30 -------- d-----w- c:\users\Luci\AppData\Roaming\Canneverbe Limited
2013-07-29 20:30 . 2013-07-29 20:30 -------- d-----w- c:\programdata\Canneverbe Limited
2013-07-29 20:30 . 2013-07-29 20:30 -------- d-----w- c:\program files (x86)\CDBurnerXP
2013-07-22 09:04 . 2013-07-22 09:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-22 09:03 . 2013-07-22 09:03 -------- d-----w- c:\program files (x86)\Java
2013-07-20 20:48 . 2013-07-20 20:52 -------- d-----w- c:\windows\system32\MRT
2013-07-17 16:33 . 2013-07-17 16:32 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74CD26E6-4608-40DB-82A8-603ED3916DBD}\gapaengine.dll
2013-07-11 11:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 11:08 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 11:08 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 21:11 . 2010-11-13 13:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-07-22 09:03 . 2013-03-20 16:41 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-22 09:03 . 2011-09-21 10:58 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2012-09-04 12:33 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-22 08:12 . 2011-03-25 13:40 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2010-10-24 20:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-11 17:14 . 2013-06-11 17:14 405360 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 12:06 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 15:36 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 15:36 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 15:36 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 15:36 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 15:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 15:36 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 15:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 15:36 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:36 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:36 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 15:37 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 15:37 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 15:37 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Luci\Desktop\utorrent.exe" [2013-05-02 802136]
"Akamai NetSession Interface"="c:\users\Luci\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Luci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luci\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-9 113664]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-10-29 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000Core.job
- c:\users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07 16:33]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000UA.job
- c:\users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07 16:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-20 16413288]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E3DA81CD-2601-4DD9-8A91-C7ECB7E523FD}\C616D69607: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - ExtSQL: 2013-07-13 15:17; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-22 17:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{F3FEE66E-E034-436A-86E4-9690573BEE8A}"=hex:51,66,7a,6c,4c,1d,38,12,00,e5,ed,
f7,06,ae,04,06,f9,f2,d5,d0,52,65,aa,9e
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=hex:51,66,7a,6c,4c,1d,38,12,f2,0d,f8,
07,a3,34,ef,06,dd,36,d8,12,b3,1f,89,a5
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,91,ea,f8,39,44,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,61,35,ac,4b,f8,72,4a,8b,41,63,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,61,35,ac,4b,f8,72,4a,8b,41,63,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
.
**************************************************************************
.
Completion time: 2013-08-01 22:39:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-01 20:39
.
Pre-Run: 64 365 252 608 bytes free
Post-Run: 63 559 618 560 bytes free
.
- - End Of File - - 1F5EC4753329A3EF9B957589B4F4FD27
A36C5E4F47E84449FF07ED3517B43A31

Vdaka za vas cas.

Pri tejto akcii je nutné mať ComboFix na ploche.
Otvor Notepad (Poznámkový blok) a zkopíruj do nehocelý tex: Potom klik na Subor -> Uložiť ako.. .-> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *]všetky súbory
A ulož ho na plochu> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log .

Log z ComboFixu.



ComboFix 13-08-01.01 - Luci . 08. 2013 9:43.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.2294 [GMT 2:00]
Running from: c:\users\Luci\Desktop\ComboFix.exe
Command switches used :: c:\users\Luci\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-02 07:51 . 2013-08-02 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-01 20:44 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60B26D18-5170-4938-AB45-E41C7809BA85}\mpengine.dll
2013-08-01 20:00 . 2013-08-01 20:00 -------- d-----w- C:\_OTL
2013-08-01 19:44 . 2013-08-01 19:44 -------- d-----w- c:\windows\ERUNT
2013-08-01 14:48 . 2013-08-01 14:48 -------- d-----w- c:\users\Luci\AppData\Roaming\Apple Computer
2013-08-01 12:34 . 2013-08-01 14:51 -------- d-----w- C:\FRST
2013-07-31 10:00 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-29 20:45 . 2013-07-29 20:45 -------- d-----w- c:\programdata\CyberLink
2013-07-29 20:30 . 2013-07-29 20:30 -------- d-----w- c:\users\Luci\AppData\Roaming\Canneverbe Limited
2013-07-29 20:30 . 2013-07-29 20:30 -------- d-----w- c:\programdata\Canneverbe Limited
2013-07-29 20:30 . 2013-07-29 20:30 -------- d-----w- c:\program files (x86)\CDBurnerXP
2013-07-22 09:04 . 2013-07-22 09:03 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-22 09:03 . 2013-07-22 09:03 -------- d-----w- c:\program files (x86)\Java
2013-07-20 20:48 . 2013-07-20 20:52 -------- d-----w- c:\windows\system32\MRT
2013-07-17 16:33 . 2013-07-17 16:32 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74CD26E6-4608-40DB-82A8-603ED3916DBD}\gapaengine.dll
2013-07-11 11:09 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-11 11:08 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 11:08 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-27 21:11 . 2010-11-13 13:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-07-22 09:03 . 2013-03-20 16:41 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-22 09:03 . 2011-09-21 10:58 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2012-09-04 12:33 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-22 08:12 . 2011-03-25 13:40 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-18 19:50 . 2013-06-18 19:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2010-10-24 20:25 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-11 17:14 . 2013-06-11 17:14 405360 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 12:06 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 15:36 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 15:36 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 15:36 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 15:36 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 15:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 15:36 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 15:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 15:36 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:36 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 15:36 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 15:37 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 15:37 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 15:37 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Luci\Desktop\utorrent.exe" [2013-05-02 802136]
"Akamai NetSession Interface"="c:\users\Luci\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Luci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luci\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-9 113664]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d [2010-10-29 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000Core.job
- c:\users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07 16:33]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-494739936-1001001966-3522898868-1000UA.job
- c:\users\Luci\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-07 16:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luci\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-20 16413288]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E3DA81CD-2601-4DD9-8A91-C7ECB7E523FD}\C616D69607: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - ExtSQL: 2013-07-13 15:17; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-22 17:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Luci\AppData\Roaming\Mozilla\Firefox\Profiles\g9rjekg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{F3FEE66E-E034-436A-86E4-9690573BEE8A}"=hex:51,66,7a,6c,4c,1d,38,12,00,e5,ed,
f7,06,ae,04,06,f9,f2,d5,d0,52,65,aa,9e
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=hex:51,66,7a,6c,4c,1d,38,12,f2,0d,f8,
07,a3,34,ef,06,dd,36,d8,12,b3,1f,89,a5
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,91,ea,f8,39,44,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,61,35,ac,4b,f8,72,4a,8b,41,63,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,61,35,ac,4b,f8,72,4a,8b,41,63,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
.
**************************************************************************
.
Completion time: 2013-08-02 10:00:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-02 08:00
ComboFix2.txt 2013-08-01 20:39
.
Pre-Run: 63 468 113 920 bytes free
Post-Run: 63 163 138 048 bytes free
.
- - End Of File - - 95EC3E649FAC34FE0D80363CC639D512
A36C5E4F47E84449FF07ED3517B43A31