cannot get rid of gboxapp in my browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by gorf » October 28th, 2012, 10:58 pm

Dear helpers,

I saw in the archive that you have helped one guy who had a similar problem to mine. I was downloading a torrent and wasn't careful enough. Installed some program and now my Chrome always has this http://search.gboxapp.com/ as a home page.

I would really appreciate it if you could help me. I have tried some programs to remove it without success.

Thank you in advance.

My logs:
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Libecek at 2:08:59 on 2012-10-29
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3583.2542 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Libecek\AppData\Local\Temp\156ADF11-CDE2-483D-9BD6-DD54495F65DC.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Libecek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Libecek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Users\Libecek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Libecek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trillian\trillian.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
mStart Page = hxxp://search.gboxapp.com/
uURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
EB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
uRun: [Google Update] "c:\users\libecek\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{ECFB1BEF-77A9-4F72-B5C3-C37E925F5088} : DHCPNameServer = 10.0.0.138
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
============= SERVICES / DRIVERS ===============
.
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2012-8-11 2627760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-8-11 242240]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-28 217600]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-29 676936]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-29 399432]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-7-28 8758784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-7-28 296448]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-29 22856]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\system32\appdrvrem01.exe svc --> c:\windows\system32\appdrvrem01.exe svc [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-21 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Služba úložiště;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-5 52224]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-4 1343400]
.
=============== Created Last 30 ================
.
2012-10-29 00:54:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-29 00:37:49 -------- d-----w- C:\_OTL
2012-10-29 00:16:07 -------- d-----w- c:\users\libecek\appdata\roaming\Malwarebytes
2012-10-29 00:15:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-29 00:15:50 -------- d-----w- c:\programdata\Malwarebytes
2012-10-29 00:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-28 23:57:40 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-10-28 19:22:02 -------- d-----w- c:\users\libecek\appdata\local\CRE
2012-10-28 19:12:10 -------- d-----w- c:\programdata\Premium
2012-10-28 19:11:59 -------- d-----w- c:\programdata\GadgetBox
2012-10-28 19:11:59 -------- d-----w- c:\program files\GadgetBox
2012-10-26 21:36:19 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a7db7d3a-0cf5-41d7-a628-d9d67b550584}\mpengine.dll
2012-10-13 17:38:14 -------- d-----w- c:\users\libecek\appdata\local\Adobe
2012-10-11 11:19:59 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 11:19:59 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-29 08:04:29 -------- d-----w- c:\program files\AMD APP
.
==================== Find3M ====================
.
2012-10-08 19:15:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:15:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 08:49:06 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-30 08:48:52 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-30 08:48:52 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-30 08:48:27 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-25 15:54:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-25 15:54:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-25 15:54:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:49:44 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-23 20:37:59 138056 ----a-w- c:\users\libecek\appdata\roaming\PnkBstrK.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-11 18:52:56 2627760 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2012-08-11 18:52:55 316888 ----a-w- c:\windows\system32\appdrvrem01.exe
2012-08-11 16:56:59 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
============= FINISH: 2:09:44,10 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4.3.2012 15:10:26
System Uptime: 29.10.2012 1:55:26 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 43,354 GiB free.
D: is CDROM (UDF)
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP292: 8.10.2012 16:43:05 - Windows Update
RP293: 8.10.2012 23:00:18 - Windows Update
RP294: 9.10.2012 15:18:14 - Windows Update
RP295: 11.10.2012 14:19:47 - Windows Update
RP297: 12.10.2012 17:15:13 - Nainstalováno rozhraní DirectX
RP298: 13.10.2012 19:36:53 - Installed Adobe Reader X (10.1.0) - Czech.
RP299: 16.10.2012 14:21:44 - Windows Update
RP300: 23.10.2012 14:31:22 - Windows Update
RP301: 26.10.2012 23:35:50 - Windows Update
RP302: 29.10.2012 1:34:23 - odstranění malware
RP303: 29.10.2012 1:43:07 - Operace obnovení
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Czech
Altap Salamander 2.54
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Software Update
ASUS VGA Driver
ATI AVIVO Codecs
AutoHotkey 1.0.48.05
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cool & Quiet
DAEMON Tools Lite
Dota 2
eReg
Fallout 3
Fraps (remove only)
GamersFirst LIVE!
Google Chrome
Guild Wars 2
Incredibar Toolbar on IE
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Logitech SetPoint 6.32
Malwarebytes Anti-Malware verze 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PunkBuster Services
QuickTime
RagnrokOnline
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)
Six Updater
Steam
TeamSpeak 3 Client
The KMPlayer (remove only)
TheBflix
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
Windows Live ID Sign-in Assistant
WinRAR 4.11 (32-bit)
XCOM: Enemy Unknown
.
==== End Of File ===========================
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm
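
A triage pass over the DDS log posted above, as an added example that is not part of the original thread or of DDS itself: it pulls the start pages and browser hooks (URLSearchHooks, BHO, TB, EB) out of the Pseudo HJT Report and flags hooks that are dangling or whose DLL sits in a folder listed under Created Last 30. The function names are hypothetical and the embedded sample is a constructed excerpt of a few lines copied from the log.

```python
import re
from datetime import datetime

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.gboxapp.com/
mStart Page = hxxp://search.gboxapp.com/
uURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
TB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files\gadgetbox\gadgetBoxTB.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
.
=============== Created Last 30 ================
.
2012-10-29 00:15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-28 19:11:59 -------- d-----w- c:\programdata\GadgetBox
2012-10-28 19:11:59 -------- d-----w- c:\program files\GadgetBox
2012-09-29 08:04:29 -------- d-----w- c:\program files\AMD APP
.
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Name ===="
START_RE = re.compile(r"^([um])Start Page = (\S+)$")      # u = per-user, m = machine-wide
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\S+\s+(\S{8})\s+(.+)$")
HOOK_KINDS = {"uURLSearchHooks", "mURLSearchHooks", "BHO", "TB", "EB"}
DANGLING = {"<orphaned>", "<no file>"}


def parse_dds(text):
    """Return (start_pages, hooks, created_dirs) parsed from DDS.txt content."""
    start_pages, hooks, created_dirs = [], [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Pseudo HJT Report":
            m = START_RE.match(line)
            if m:
                start_pages.append((m.group(1), m.group(2)))
                continue
            kind, sep, rest = line.partition(":")
            if sep and kind in HOOK_KINDS:
                # The target (DLL path or <orphaned>) follows the last " - ".
                label, _, target = rest.rpartition(" - ")
                clsid = CLSID_RE.search(label)
                hooks.append({
                    "kind": kind,
                    "name": CLSID_RE.sub("", label).strip(" :"),
                    "clsid": clsid.group(0) if clsid else None,
                    "target": target.strip(),
                })
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if m and m.group(2).startswith("d"):  # attribute string marks a directory
                created_dirs.append({
                    "when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                    "path": m.group(3),
                })
    return start_pages, hooks, created_dirs


def triage(text):
    """Flag browser hooks worth a closer look; a pointer for review, not a verdict."""
    start_pages, hooks, created_dirs = parse_dds(text)
    findings = []
    for hook in hooks:
        if hook["target"] in DANGLING:
            # Registry entry whose file is gone: leftover of a partial removal.
            findings.append({"reason": "dangling", "kind": hook["kind"],
                             "id": hook["clsid"] or hook["name"]})
            continue
        target = hook["target"].lower()
        for d in created_dirs:
            # Hook DLL lives under a folder created within the last 30 days.
            if target.startswith(d["path"].lower() + "\\"):
                findings.append({"reason": "recent-folder", "kind": hook["kind"],
                                 "id": hook["target"], "created": d["when"]})
    return start_pages, findings


if __name__ == "__main__":
    pages, findings = triage(SAMPLE_LOG)
    for scope, url in pages:
        print(f"start page ({scope}): {url}")
    for finding in findings:
        print(finding)
```

Hooks installed more than 30 days before the scan, such as the Incredibar entries here, have no matching folder in Created Last 30 and still need manual review.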

Re: cannot get rid of gboxapp in my browser

Post by pgmigg » October 29th, 2012, 12:09 pm

Hello gorf,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: cannot get rid of gboxapp in my browser

Post by gorf » October 29th, 2012, 1:37 pm

Hello pgmigg,

and thanks for helping me. I have read everything you have written and patiently wait for your first instructions.

I would like to mention that I have already tried a few things.
Scan with spyware terminator - nothing found.
Scan with mbam - something found and I have deleted infected files.

Hope I didn't mess things up even more. Hope my additional info will be helpful.

Regards,
Gorf

Re: cannot get rid of gboxapp in my browser

Post by pgmigg » October 29th, 2012, 6:50 pm

Hello gorf,
"Hope I didn't mess things up even more. Hope my additional info will be helpful."
Yes it is, but please DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched. Extra Additions and Removals of files make the analysis more difficult.

Let's start...

Step 0.
No Anti-virus Software Installed!
Looking over your logs... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection please download a (free for personal use) anti-virus program from one of these reliable vendors.

  1. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  2. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.

A good (pay for) Anti-virus program is ESET NOD32 Antivirus - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product, following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Step 1.
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
WARNING: There are Serious Issues with PunkBuster

I noticed you have PunkBuster installed... read the "Published features" section.

Your computer has installed gaming tools.
Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware. The PunkBuster can take control over various aspects of your computer and some gaming tools not unlike PunkBuster, also hinder their removals. They are sometimes designed to prevent orderly removal or modification, and they have only very limited respect for retaining the overall security and integrity of your machine.

These programs are changed/updated often, and it is not possible to predict what effects they actually have on the Operating System.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.

If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance that the Punkbuster games or your PC system will be trouble-free afterwards.

By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
  1. We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
  2. We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that we do consider it spyware.
  3. We can not clean this computer at all. This ensures PunkBuster will continue to function.
If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

You should read this entire thread, as just one example of what is going on, then let me know what you want to do.

Uninstall PunkBuster and some other stuff
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    PunkBuster Services
    Battlefield 3
    Battlelog Web Plugins
    BattlEye for OA Uninstall
    BattlEye Uninstall
    Incredibar Toolbar on IE
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Please download PBSVC Setup Program. Save it to your desktop.
  1. Double click on pbsvc.exe to start it... then click Uninstall.
    Once that's finished...
  2. Click Start > Run and copy and paste the following into the open text box:
    Code:
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  3. Click OK. A black box will flash very briefly, this is normal.

Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Then please locate the file: PnkBstrK.sys... if found delete it. Reboot your computer.

Let me know if you performed these steps successfully.

Step 3.
Disable CD Emulation drive by DeFogger
We need to use powerful tools to investigate your system. When you are using a CD Emulator (Daemon Tools, Alcohol XXX%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger to your desktop.
Right click DeFogger and select "Run as administrator..." to run the tool.
  1. The application window will appear
  2. Click the Disable button to disable your CD Emulation drivers
  3. Click Yes to continue
  4. A 'Finished!' message will appear
  5. Click OK
  6. DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Note: Do not re-enable these drivers until otherwise instructed.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Then,
"Scan with mbam - something found and I have deleted infected files."
You mentioned that you ran a Malwarebytes' Anti-Malware (MBAM) scan. I would like to see the most recent report from it, which can be found in
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Your decision about Punk Buster and related stuff.
  3. Status of removing steps you made if you decided to clean this machine with me.
  4. Optional: If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
  5. Contents of the OTL.txt log file
  6. Contents of the Extras.txt log file
  7. Contents of the most recent MBAM scan report.

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: cannot get rid of gboxapp in my browser

by gorf » October 30th, 2012, 2:15 pm

Working on all you wrote atm.

I'm not sure what report you actually want to see from mbam. Would you like me to do a new scan, or should I post you the last report which was generated after I've deleted those infected files?
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

by pgmigg » October 30th, 2012, 2:39 pm

Hello gorf,

I would like to see the report that was generated by MBAM after your last scan when it deleted some infection. I need to know what it was...

I apologize that some delays are possible in the next couple of days, because my area has no power after tropical storm Sandy.

Pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: cannot get rid of gboxapp in my browser

by gorf » October 31st, 2012, 6:30 pm

Hello again,

not a problem for delay. It takes me some time to make all you wrote anyway.

So here is a list of what I have done:
- I have installed an antivirus program and performed a complete scan - nothing found
- I have created a restore point
- I have uninstalled all programs which you have requested except Battlefield, as this one I cannot remove even though I have installed Origin again and logged in. I click on uninstall, answer yes to the question whether I want to remove it, but nothing happens.
- PunkBuster removed
- I have proceeded through the point where you wanted me to start this command cmd /c for %i in (A B K) do sc delete PnkBstr%i and saw the black table as you wrote
- I have failed to proceed through the point where you want me to
remove check mark from check box "Hide extensions for known file types"
remove check mark from check box "Hide protected operating system files" as I couldn't find any of these commands under this. Unfortunately I have a Czech OS, but I'm sure that none of those options was even close to the ones you have mentioned.
- I didn't proceed any further as I thought that it would be better to inform you.

Below you can see all the requested files in following order:
- mbam most current log

In case you want me to continue even without success in uninstalling Battlefield and unmarking the checkboxes for those two options, please let me know and I will do all the remaining points.

Thanks again for helping me.

You will most probably have a problem with the text, which is in the Czech language.

Umístnění do karantény a smazání se zdařilo. = Moved into quarantine and deleted
Nalezené klíče v registru = Keys found in registry
Last edited by gorf on October 31st, 2012, 6:32 pm, edited 1 time in total.
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

by gorf » October 31st, 2012, 6:30 pm

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.10.28.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Libecek :: LIBECEK-PC [administrátor]

Ochrana: Povolena

29.10.2012 1:16:54
mbam-log-2012-10-29 (01-16-54).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 190708
Uplynulý čas: 4 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{48173CE5-D151-4B12-8265-C0209B41B449} (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48173CE5-D151-4B12-8265-C0209B41B449} (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{48173CE5-D151-4B12-8265-C0209B41B449} (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{48173CE5-D151-4B12-8265-C0209B41B449} (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Umístnění do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 19
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\updater.exe (PUP.BitCoinMiner) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\IWantThis.exe (Adware.GamePlayLabs) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\DirectDownloaderInstaller.exe (Adware.DirectDownloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\downloaderDDLR.exe (Trojan.DirectDownloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\downloaderOFFER0.exe (Trojan.DirectDownloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\downloaderOFFER1.exe (Trojan.DirectDownloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\downloaderOFFER2.exe (Trojan.DirectDownloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\downloaderSTUB.exe (Trojan.DirectDownloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\AppData\Local\Temp\4ab8357b68eaecbeb1fde57836f62528\stub.exe (Trojan.Agent) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\Local Settings\Temporary Internet Files\Content.IE5\9IF3XPIO\agent_setup[1].exe (Affiliate.Downloader) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\Libecek\Local Settings\Temporary Internet Files\Content.IE5\QKA9ZYAV\uninstaller[1].exe (Affiliate.Downloader) -> Umístnění do karantény a smazání se zdařilo.

(konec)
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

by pgmigg » November 1st, 2012, 4:23 pm

Hello gorf,

> So here is a list of what I have done:
> - I have installed an antivirus program and performed a complete scan - nothing found
> - I have created a restore point
> - I have uninstalled all programs which you have requested except Battlefield, as this one I cannot remove even though I have installed Origin again and logged in. I click on uninstall, answer yes to the question whether I want to remove it, but nothing happens.
> - PunkBuster removed
> - I have proceeded through the point where you wanted me to start this command cmd /c for %i in (A B K) do sc delete PnkBstr%i and saw the black table as you wrote
> - I have failed to proceed through the point where you want me to
> remove check mark from check box "Hide extensions for known file types"
> remove check mark from check box "Hide protected operating system files" as I couldn't find any of these commands under this. Unfortunately I have a Czech OS, but I'm sure that none of those options was even close to the ones you have mentioned.
> - I didn't proceed any further as I thought that it would be better to inform you.

All of these are great news :) and you can proceed without resolving the 'Hidden files visibility' problem for now - we will return to this issue later.

> In case you want me to continue even without success in uninstalling Battlefield and unmarking the checkboxes for those two options, please let me know and I will do all the remaining points.

Please continue and I am waiting for all requested logs...

My town is still without power... :(

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: cannot get rid of gboxapp in my browser

by gorf » November 1st, 2012, 6:00 pm

So I have finally managed to find even those two checkboxes. So I have done all you have written before and also managed to uninstall Battlefield 3. It was quite difficult as even EA had to post an official post on how to remove their shitty game and I had to do some things in the registry. Did not manage to delete everything, but it seems that it is not in my system anymore.

So to sum it up... all has been done.

- mbam report is above
- OTL and Extras reports are below

OTL Extras logfile created on: 1.11.2012 22:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Libecek\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 59,64% Memory free
7,00 Gb Paging File | 5,31 Gb Available in Paging File | 75,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 75,01 Gb Free Space | 32,21% Space Free | Partition Type: NTFS
Drive D: | 1,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LIBECEK-PC | User Name: Libecek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10732066-5A0F-43DB-BBA7-E361F4B305C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1B759AE4-9463-43D1-8345-F0462B488973}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EC82421-80C9-44FC-9E97-CA7CAB5DCAB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{233A9D3F-8D24-442D-982D-8C1F44ABE674}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27A7D584-755E-485E-A4B4-9DFAD0122CF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{27BDE703-E316-4F38-A481-FF60DC2FBC21}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C1A2388-D688-4D95-B92D-A86307CA0980}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34E53ECD-C4A9-4AD2-9E3C-BBCF25A0CA21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46A1B9EE-DB2C-4A32-A83C-33541936BAB4}" = lport=137 | protocol=17 | dir=in | app=system |
"{5B93382D-094D-49D3-86E1-DF02ABAEAFB8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{89769A94-1083-43CF-9E55-51171A9A6244}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C07761B-C5CE-4DF0-B3F8-B721A395C69A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C81553C-DAEF-4860-B120-17B8C762169A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A47655E3-D4CC-45CA-9F57-9C68C5AB5027}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE0C7F58-F32E-4F0F-9B55-9C97E1076F34}" = rport=445 | protocol=6 | dir=out | app=system |
"{B354CEFB-F403-4966-8688-7BDF5C2CDE09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD8452A4-E3E3-4C7D-90F8-B55C3EBBBAF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C67F57A2-2A93-4C15-97C3-CE849956758D}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6371907-269A-45E2-9AE8-BBC7547F4F0C}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECEABB7B-C03B-4A9C-8806-10D9E094F9B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9C09700-E517-4DBF-940A-2E01F0A08360}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C6EBBC-F502-40BF-ADF0-D76A2FF8FF9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08108A8D-6488-4883-9877-AD31313D1564}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1070BB0F-6841-4E26-B84F-D12228F104E0}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{1F0B92E6-78E5-4AE1-A0ED-3AAE4F732D9F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2045D9C4-6225-462A-814F-D2488371BC42}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{20D18AC4-E838-4B69-A741-EB275C953570}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{30D7CDDC-357B-48B7-9DFE-7434E7C5774D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{396AB89D-088E-48B3-B315-DB736DCF7087}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe |
"{3C84B704-B867-4F0A-B3A3-9DB5A8488DC5}" = protocol=6 | dir=out | app=system |
"{3F3CFB08-F8F1-454D-B3BB-1A96FC829E3D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{407F7BE5-4804-4AB8-88E8-8CF528E7923D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{44E8ED62-B68C-486E-B233-A4FA75BDBEE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{519A31FC-45D9-4AB7-8DA1-77710DBFA9EF}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{5AD89D12-B86C-4367-B3F2-0A62C4AF60FA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{61F66156-847B-46D3-8515-30FD0C48EC6A}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{7138DCFE-3DA6-450C-8D1F-DFD808BD6995}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{79597CB3-88B4-4525-85ED-7735D01643FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{799BED5C-A4F0-496A-8DCB-CBCBCE07B2CE}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{7AB77A5C-9661-4627-8736-5ED9868FBE0B}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{7AF31219-A3B1-4A85-918A-377F5C0C01D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{7C762DDD-D50F-4B71-9B63-9BE0E5E3C054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85F5C508-493B-48A4-9D42-4513DA8B02B1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{86C2569F-D082-4FD6-B59A-95CFE72398EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{8E58D2BF-AED6-4C91-A393-860C0699F3BB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{989B00D3-BF1E-45A4-B315-AB655C8A0489}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{99177D50-DD89-4045-8F7C-E3E8A1F618DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C25317B-1E3A-40DE-8074-972F991E751B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0519D46-12CD-46C8-B76A-58260F9F4D5F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{A5156422-AC4C-4902-8927-A3AC865B541D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{A549B04E-D3F4-4C02-8667-29FE5BF2F5F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{A876870B-37E1-4CD7-9757-260B46186487}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{ACF12DE5-8D95-42BB-9F50-C70508E4D3EC}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{AF21F2B6-D584-4FB9-92EB-56F467B5BDEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2BFE08F-E543-408D-BFFD-1EDE8515F838}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{B3A4E6BB-7C70-4C1D-ABAF-99D89522C0B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B63B021E-C0F6-4813-8C23-5CE389AF8B8E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{C597E01C-9A9D-429A-BC66-C7D5B0718D52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C70D03CF-61C3-4189-92FF-AA6816A8985E}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{C8BF2B63-ABB0-40B6-9F53-FD8CA5FF93E9}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{D5CC9981-0056-4ABD-AC8B-BE32A26B1607}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{DEAC0DEA-72E8-4031-A055-E9F4DA14C459}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{E2E7EAD6-63D2-4896-8D95-0B22A27DCBC2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe |
"{E41105BB-F6CD-41FA-BE2C-1604FA1B8DD1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E801D2D0-4556-4055-A82B-72E782434637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E831EEFF-D049-46C5-977A-5FD37FF7E1BB}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{EF021421-C19A-4F47-8716-EFC08CDE561E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{FB41AB74-4580-4D40-A489-76B487E0614B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FD0076FF-5A3B-4C84-B5B6-9F420527A261}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"TCP Query User{0F9482D4-D6D6-453A-AC6C-60FB5ABB2033}C:\program files\funcom\age of conan\ageofconandx10.exe" = protocol=6 | dir=in | app=c:\program files\funcom\age of conan\ageofconandx10.exe |
"TCP Query User{1D937C91-388D-4FF6-9BD4-9B79D8F4CD1C}C:\users\libecek\appdata\local\temp\rar$exa0.402\dayzupdater\dayzupdater.exe" = protocol=6 | dir=in | app=c:\users\libecek\appdata\local\temp\rar$exa0.402\dayzupdater\dayzupdater.exe |
"TCP Query User{21F2D396-9D6C-4735-87CC-AE683D93A89B}C:\-=games=-\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\-=games=-\starcraft ii\starcraft ii.exe |
"TCP Query User{23FF4096-8B80-4662-8494-884173E537D4}C:\program files\electronic arts\ultima online classic\client.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\ultima online classic\client.exe |
"TCP Query User{2B3D70B5-4884-4802-8468-6A81D704410A}C:\program files\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files\funcom\age of conan\conanpatcher.exe |
"TCP Query User{3D599EDB-5E66-4036-AE13-6972188FEE20}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"TCP Query User{506EFBD5-DEE6-40A3-9945-B358037966CB}C:\program files\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{666D79B8-A7A5-4AA6-A8AC-4A8A5B1C7227}C:\users\libecek\downloads\starcraft_2_eu_en-gb (1).exe" = protocol=6 | dir=in | app=c:\users\libecek\downloads\starcraft_2_eu_en-gb (1).exe |
"TCP Query User{76A6C9B0-0C97-4098-997A-45D481FCD062}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{772E1AAD-9816-445A-83D5-1C87079C1BF7}C:\-=games=-\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\-=games=-\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{7FB4A394-12E1-488A-8583-C46A4A0E248A}C:\program files\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files\funcom\age of conan\ageofconan.exe |
"TCP Query User{9309C185-9C2A-42E8-98E5-1E8ACDC6E2CE}C:\-=games=-\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\-=games=-\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{980EE3D3-047C-4C20-BBA0-DB0A633F8079}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{9FA236AF-3C8C-4193-92B6-319AB2FBCC60}C:\users\libecek\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\libecek\appdata\local\temp\gw2.exe |
"TCP Query User{ACFBD322-756F-48CE-88CE-0830159A0C21}C:\-=games=-\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\-=games=-\eve\bin\exefile.exe |
"TCP Query User{AEA58125-15A9-46E2-AE8F-0AC6AAEAA5E9}C:\users\libecek\desktop\dayzupdater\dayzupdater.exe" = protocol=6 | dir=in | app=c:\users\libecek\desktop\dayzupdater\dayzupdater.exe |
"TCP Query User{C79644A8-928C-4DC2-99F4-0AB6EB856B2F}C:\users\libecek\appdata\local\temp\rar$exa0.980\dayzupdater\dayzupdater.exe" = protocol=6 | dir=in | app=c:\users\libecek\appdata\local\temp\rar$exa0.980\dayzupdater\dayzupdater.exe |
"TCP Query User{CA8452A6-1A7D-4041-804A-DCA5AD8B5FE3}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{CC6CE236-8EF6-449F-9AFC-5B6875A48613}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe |
"TCP Query User{D6687166-A9ED-47FA-97D4-C207D2456026}C:\users\libecek\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\libecek\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{1019120B-6BE3-47C2-BE98-7DC6BC773C52}C:\users\libecek\appdata\local\temp\rar$exa0.980\dayzupdater\dayzupdater.exe" = protocol=17 | dir=in | app=c:\users\libecek\appdata\local\temp\rar$exa0.980\dayzupdater\dayzupdater.exe |
"UDP Query User{14751F0B-C384-409C-9E24-E9F21D6B325B}C:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{1A2BAA1E-52BE-4764-949E-461D5CD8E732}C:\program files\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files\funcom\age of conan\conanpatcher.exe |
"UDP Query User{49237BD1-7CE9-411D-BCD7-9F9CDED2A1CD}C:\users\libecek\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\libecek\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{4B099CFE-5E1D-4DDF-9388-C414641CF786}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe |
"UDP Query User{62E5F54B-5D75-47B4-A9CE-2C8D5E292756}C:\program files\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{6654F9E5-1D85-42E4-AF2B-1A004311F105}C:\-=games=-\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\-=games=-\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{6B82AABD-D46D-4C0F-B581-7FD5D4FF36D7}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe |
"UDP Query User{79283E8B-22B8-404D-AF8E-5281C02A3A9F}C:\users\libecek\appdata\local\temp\rar$exa0.402\dayzupdater\dayzupdater.exe" = protocol=17 | dir=in | app=c:\users\libecek\appdata\local\temp\rar$exa0.402\dayzupdater\dayzupdater.exe |
"UDP Query User{7C2F72CD-FF60-44B3-9386-B5A6CAD13525}C:\program files\electronic arts\ultima online classic\client.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\ultima online classic\client.exe |
"UDP Query User{80CEEE1D-9114-451C-B758-22B68244CC95}C:\-=games=-\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\-=games=-\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{95F880D9-75C6-4789-BABE-4B17124152CB}C:\-=games=-\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\-=games=-\starcraft ii\starcraft ii.exe |
"UDP Query User{9DEE8303-A51B-4DCC-9B3B-4CE4D88830DD}C:\-=games=-\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\-=games=-\eve\bin\exefile.exe |
"UDP Query User{A6074896-2FF8-4BC1-8E2D-FF4355491392}C:\program files\funcom\age of conan\ageofconandx10.exe" = protocol=17 | dir=in | app=c:\program files\funcom\age of conan\ageofconandx10.exe |
"UDP Query User{B497FBEF-FFD6-4AF0-A59E-A0F38A714034}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{B9F99F07-1517-4867-AC28-55E3A8233F7C}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{BA2E57D0-6BE3-4DE2-80E0-D357274EF4F5}C:\program files\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files\funcom\age of conan\ageofconan.exe |
"UDP Query User{DDC4FFCD-24E7-4B6B-AF9C-2ADE55345F74}C:\users\libecek\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\libecek\appdata\local\temp\gw2.exe |
"UDP Query User{DE64C4FE-E1F5-416C-94C1-9226F36A1242}C:\users\libecek\downloads\starcraft_2_eu_en-gb (1).exe" = protocol=17 | dir=in | app=c:\users\libecek\downloads\starcraft_2_eu_en-gb (1).exe |
"UDP Query User{EDFABDAF-9F87-4625-9114-7CCE22FF1994}C:\users\libecek\desktop\dayzupdater\dayzupdater.exe" = protocol=17 | dir=in | app=c:\users\libecek\desktop\dayzupdater\dayzupdater.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{3A698498-6C55-8C4D-DCF4-840930FF990F}" = AMD Drag and Drop Transcoding
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{48AF685A-8A78-86DE-52AD-A6B3EA0A83A6}" = ATI AVIVO Codecs
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{63F9D765-E8DE-D921-1C6A-DF17C1DFDDA1}" = ccc-utility
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{64FD7EED-E062-4AC0-82BE-C9340A79C59A}" = RagnrokOnline
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C9E961-1A33-444E-B3A9-5CE3B941888A}" = Six Updater
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{96A0DEB6-093D-B872-955C-BE865574C448}" = AMD Media Foundation Decoders
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Altap Salamander 2.54" = Altap Salamander 2.54
"AutoHotkey" = AutoHotkey 1.0.48.05
"Fraps" = Fraps (remove only)
"Guild Wars 2" = Guild Wars 2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"sp6" = Logitech SetPoint 6.32
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 570" = Dota 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Trillian" = Trillian
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.10.2012 7:07:11 | Computer Name = Libecek-PC | Source = VSS | ID = 8194
Description =

Error - 7.10.2012 12:14:36 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Název chybujícího modulu: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Kód výjimky: 0xc0000005 Posun chyby: 0x00016501 ID chybujícího
procesu: 0x101c Čas spuštění chybující aplikace: 0x01cda4a6d04d1d4b Cesta k chybující
aplikaci: c:\program files\common files\installshield\updateservice\isuspm.exe Cesta
k chybujícímu modulu: c:\program files\common files\installshield\updateservice\isuspm.exe
ID
zprávy: 15ef18b4-109a-11e2-bb56-001e8c7e6c1e

Error - 12.10.2012 11:15:12 | Computer Name = Libecek-PC | Source = VSS | ID = 8194
Description =

Error - 13.10.2012 14:25:54 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Dwm.exe, verze: 6.1.7600.16385, časové razítko:
0x4a5bc225 Název chybujícího modulu: FRAPS32.DLL_unloaded, verze: 0.0.0.0, časové
razítko: 0x4af2418c Kód výjimky: 0xc0000005 Posun chyby: 0x6358c6b4 ID chybujícího
procesu: 0x620 Čas spuštění chybující aplikace: 0x01cda91d4f3d7b6c Cesta k chybující
aplikaci: C:\Windows\system32\Dwm.exe Cesta k chybujícímu modulu: FRAPS32.DLL ID
zprávy: 6c406271-1563-11e2-b645-001e8c7e6c1e

Error - 14.10.2012 11:13:53 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Název chybujícího modulu: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Kód výjimky: 0xc0000005 Posun chyby: 0x000169bf ID chybujícího
procesu: 0x6f4 Čas spuštění chybující aplikace: 0x01cdaa1e7d859094 Cesta k chybující
aplikaci: c:\program files\common files\installshield\updateservice\isuspm.exe Cesta
k chybujícímu modulu: c:\program files\common files\installshield\updateservice\isuspm.exe
ID
zprávy: c39b7a55-1611-11e2-b5a4-001e8c7e6c1e

Error - 21.10.2012 12:45:53 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Název chybujícího modulu: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Kód výjimky: 0xc0000005 Posun chyby: 0x00016501 ID chybujícího
procesu: 0xf94 Čas spuštění chybující aplikace: 0x01cdafab80db9853 Cesta k chybující
aplikaci: c:\program files\common files\installshield\updateservice\isuspm.exe Cesta
k chybujícímu modulu: c:\program files\common files\installshield\updateservice\isuspm.exe
ID
zprávy: c6b574d9-1b9e-11e2-99de-001e8c7e6c1e

Error - 25.10.2012 12:49:06 | Computer Name = Libecek-PC | Source = Application Hang | ID = 1002
Description = Program Steam.exe verze 1.0.1446.623 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
7cc Čas spuštění: 01cdb2d08c2724d7 Čas ukončení: 16 Cesta k aplikaci: C:\Program Files\Steam\Steam.exe

ID
hlášení: de86d756-1ec3-11e2-9e33-001e8c7e6c1e

Error - 26.10.2012 22:12:27 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Steam.exe, verze: 1.0.1446.623, časové razítko:
0x5004ae1a Název chybujícího modulu: tier0_s.dll_unloaded, verze: 0.0.0.0, časové
razítko: 0x5085e8e8 Kód výjimky: 0xc0000005 Posun chyby: 0x5f6e7d40 ID chybujícího
procesu: 0xa30 Čas spuštění chybující aplikace: 0x01cdb3c050865acc Cesta k chybující
aplikaci: C:\Program Files\Steam\Steam.exe Cesta k chybujícímu modulu: tier0_s.dll
ID
zprávy: c0e91581-1fdb-11e2-99c8-001e8c7e6c1e

Error - 26.10.2012 22:12:34 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Steam.exe, verze: 1.0.1446.623, časové razítko:
0x5004ae1a Název chybujícího modulu: tier0_s.dll_unloaded, verze: 0.0.0.0, časové
razítko: 0x5085e8e8 Kód výjimky: 0xc0000005 Posun chyby: 0x5f6ce40b ID chybujícího
procesu: 0xa30 Čas spuštění chybující aplikace: 0x01cdb3c050865acc Cesta k chybující
aplikaci: C:\Program Files\Steam\Steam.exe Cesta k chybujícímu modulu: tier0_s.dll
ID
zprávy: c50bf5e4-1fdb-11e2-99c8-001e8c7e6c1e

Error - 28.10.2012 11:45:46 | Computer Name = Libecek-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: isuspm.exe, verze: 3.0.100.1131, časové
razítko: 0x40816c48 Název chybujícího modulu: ieframe.dll, verze: 9.0.8112.16450,
časové razítko: 0x5037273b Kód výjimky: 0xc0000005 Posun chyby: 0x00083a6a ID chybujícího
procesu: 0xc04 Čas spuštění chybující aplikace: 0x01cdb52342df44f8 Cesta k chybující
aplikaci: c:\program files\common files\installshield\updateservice\isuspm.exe Cesta
k chybujícímu modulu: C:\Windows\System32\ieframe.dll ID zprávy: 89733f10-2116-11e2-9af1-001e8c7e6c1e

[ System Events ]
Error - 4.9.2012 6:49:15 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 4.9.2012 16:18:59 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 5.9.2012 4:42:32 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 5.9.2012 6:43:14 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 5.9.2012 12:32:51 | Computer Name = Libecek-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Steam Client Service bylo dosaženo
časového limitu (30000 ms).

Error - 5.9.2012 12:32:51 | Computer Name = Libecek-PC | Source = Service Control Manager | ID = 7000
Description = Služba Steam Client Service neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 5.9.2012 17:15:44 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 6.9.2012 9:18:45 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 6.9.2012 19:04:16 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).

Error - 7.9.2012 4:53:08 | Computer Name = Libecek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x800b0100): Aktualizace systému Windows 7 (KB2677070).


< End of report >
gorf

Re: cannot get rid of gboxapp in my browser

by gorf » November 1st, 2012, 6:02 pm

OTL logfile created on: 1.11.2012 22:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Libecek\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,50 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 59,64% Memory free
7,00 Gb Paging File | 5,31 Gb Available in Paging File | 75,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 75,01 Gb Free Space | 32,21% Space Free | Partition Type: NTFS
Drive D: | 1,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LIBECEK-PC | User Name: Libecek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.31 22:59:45 | 003,389,080 | ---- | M] (Electronic Arts) -- C:\Program Files\Origin\Origin.exe
PRC - [2012.10.29 01:29:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Libecek\Downloads\OTL.exe
PRC - [2012.10.25 07:34:44 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.08.27 17:29:27 | 008,886,256 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2012.08.04 07:47:09 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012.07.28 03:10:10 | 000,469,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.07.28 03:09:30 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.07.26 23:00:00 | 002,380,752 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2011.10.07 10:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 20:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.25 07:34:44 | 020,317,008 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012.10.25 07:34:44 | 000,214,528 | ---- | M] () -- C:\Program Files\Steam\bin\mssvoice.asi
MOD - [2012.10.25 07:34:44 | 000,095,744 | ---- | M] () -- C:\Program Files\Steam\bin\mssmp3.asi
MOD - [2012.10.25 07:34:43 | 001,099,616 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012.10.25 07:34:43 | 000,902,480 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012.10.25 07:34:43 | 000,190,816 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012.10.25 07:34:43 | 000,123,232 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012.10.10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012.10.10 11:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012.10.10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012.10.10 11:04:57 | 000,578,072 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012.10.10 11:04:55 | 000,123,928 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012.10.10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012.10.10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012.10.10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012.08.27 17:29:27 | 000,426,480 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2012.08.27 17:29:27 | 000,235,504 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
MOD - [2012.08.27 17:29:27 | 000,230,384 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2012.08.27 17:29:27 | 000,159,216 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
MOD - [2012.08.06 11:07:30 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012.07.26 23:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files\Trillian\libpng15.dll
MOD - [2012.07.26 23:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Trillian\libungif.dll
MOD - [2012.07.26 23:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Trillian\zlib1.dll
MOD - [2012.07.26 23:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files\Trillian\languages\en\buddy.dll
MOD - [2012.07.26 23:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files\Trillian\languages\en\talk.dll
MOD - [2012.07.26 23:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\trillian.dll
MOD - [2012.07.26 23:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\events.dll
MOD - [2012.07.26 23:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files\Trillian\languages\en\toolkit.dll
MOD - [2012.06.14 15:53:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\50933f0a7ece72e717ba7d17559df5ef\WindowsFormsIntegration.ni.dll
MOD - [2012.06.14 13:07:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2b07e726c1c19bb8440d82b200fb603b\System.Web.ni.dll
MOD - [2012.06.14 13:07:08 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 13:06:56 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\697251a50a103e3d047178c2ab710593\System.Windows.Forms.ni.dll
MOD - [2012.06.14 13:06:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 13:06:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.10 18:40:46 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.10 18:33:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.10 18:32:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 18:32:30 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012.05.10 18:32:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 18:32:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 18:32:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 18:32:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 18:32:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.02.17 19:55:36 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012.02.15 11:33:46 | 007,859,200 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtGui4.dll
MOD - [2012.02.15 11:33:46 | 002,210,816 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtCore4.dll
MOD - [2012.02.15 11:33:46 | 000,814,080 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\QtNetwork4.dll
MOD - [2012.02.15 11:33:46 | 000,195,584 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg4.dll
MOD - [2012.02.15 11:33:46 | 000,025,600 | ---- | M] () -- C:\Program Files\TeamSpeak 3 Client\imageformats\qgif4.dll
MOD - [2011.10.07 10:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010.11.13 03:37:08 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 03:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:53:44 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_cs_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.11.05 02:53:33 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll


========== Services (SafeList) ==========

SRV - [2012.10.25 07:34:44 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.08 20:15:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.08.11 19:52:55 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01)
SRV - [2012.07.28 03:09:30 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.04 19:02:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.09.27 20:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.11 19:52:56 | 002,627,760 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01)
DRV - [2012.07.28 05:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.07.28 05:06:48 | 008,758,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.07.28 02:14:22 | 000,296,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.09.02 07:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 07:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 07:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010.03.04 18:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.09.30 02:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.05.13 18:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007.12.17 16:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oT117Mp&i=26
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{F32AE9E6-5369-4DF2-A66F-C0950D694C41}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Libecek\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Libecek\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012.10.28 20:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions
[2012.03.31 20:15:25 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.10.28 20:22:01 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012.04.04 12:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Libecek\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
O3 - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECFB1BEF-77A9-4F72-B5C3-C37E925F5088}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5eb70a0c-e31c-11e1-94ee-001e8c7e6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{5eb70a0c-e31c-11e1-94ee-001e8c7e6c1e}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O33 - MountPoints2\{91ec2317-7b12-11e1-aebc-001e8c7e6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{91ec2317-7b12-11e1-aebc-001e8c7e6c1e}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.31 23:00:01 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Origin
[2012.10.30 19:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.10.29 01:54:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.29 01:37:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.29 01:16:07 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Roaming\Malwarebytes
[2012.10.29 01:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 01:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.29 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.29 01:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.28 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\CRE
[2012.10.28 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.10.28 20:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\GadgetBox
[2012.10.28 20:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\GadgetBox
[2012.10.13 18:38:14 | 000,000,000 | ---D | C] -- C:\Users\Libecek\AppData\Local\Adobe
[2012.10.13 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.13 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.13 18:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.11 12:20:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.11 12:20:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.11 12:20:07 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.11 12:20:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 12:20:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 12:20:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 12:20:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 12:19:59 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 12:19:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.07 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Libecek\Desktop\tablet
[2012.10.06 12:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.10.06 10:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

========== Files - Modified Within 30 Days ==========

[2012.11.01 22:46:40 | 000,000,000 | ---- | M] () -- C:\Users\Libecek\defogger_reenable
[2012.11.01 22:45:00 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618347355-2767662451-920019664-1001UA.job
[2012.11.01 22:15:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.01 20:45:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-618347355-2767662451-920019664-1001Core.job
[2012.11.01 18:02:53 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.01 18:02:53 | 000,015,360 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.01 18:01:48 | 000,631,054 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.11.01 18:01:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.01 18:01:48 | 000,121,708 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.11.01 18:01:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.01 17:55:52 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}.job
[2012.11.01 17:55:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.01 17:55:33 | 2817,433,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.30 19:08:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.29 01:15:51 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.13 18:37:23 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.12 16:56:36 | 000,000,216 | ---- | M] () -- C:\Users\Libecek\Desktop\XCOM Enemy Unknown.url
[2012.10.11 12:46:33 | 000,002,495 | ---- | M] () -- C:\Users\Libecek\Desktop\Google Chrome.lnk
[2012.10.08 20:15:41 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.08 20:15:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 19:57:38 | 001,477,337 | ---- | M] () -- C:\Users\Libecek\Desktop\XCOM_EU_PC_MANUAL_ENG.pdf

========== Files Created - No Company Name ==========

[2012.11.01 22:46:40 | 000,000,000 | ---- | C] () -- C:\Users\Libecek\defogger_reenable
[2012.10.30 19:08:27 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.10.30 19:08:22 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.10.29 01:15:51 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.29 00:57:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.10.28 20:12:11 | 000,000,440 | -H-- | C] () -- C:\Windows\tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}.job
[2012.10.13 18:38:36 | 001,477,337 | ---- | C] () -- C:\Users\Libecek\Desktop\XCOM_EU_PC_MANUAL_ENG.pdf
[2012.10.13 18:37:23 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.10.13 18:37:23 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.10.12 16:56:36 | 000,000,216 | ---- | C] () -- C:\Users\Libecek\Desktop\XCOM Enemy Unknown.url
[2012.10.06 12:08:22 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.09.23 21:37:59 | 000,138,056 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\PnkBstrK.sys
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.15 14:38:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2012.04.15 14:38:51 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2012.04.15 14:38:49 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2012.04.15 14:38:49 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2012.04.15 14:38:37 | 000,006,504 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.04.12 20:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.03.29 23:22:03 | 000,000,600 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\winscp.rnd
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.08 18:24:59 | 000,087,254 | ---- | C] () -- C:\Users\Libecek\AppData\Roaming\icarus-dxdiag.xml
[2012.03.05 09:20:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.03.04 17:14:09 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.03.04 16:16:03 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.03.04 16:06:37 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012.03.04 15:23:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.15 03:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 03:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.04.01 09:20:49 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite
[2012.09.18 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\EuroTalk
[2012.05.07 23:17:43 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\IrfanView
[2012.03.04 16:02:16 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\Leadertech
[2012.09.22 17:08:36 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\Origin
[2012.03.30 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\Razor
[2012.06.13 21:22:36 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\six-updater
[2012.06.13 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\six-zsync
[2012.06.13 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\Spirited Machine
[2012.03.04 19:15:59 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\TeamViewer
[2012.03.20 23:32:50 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\Trillian
[2012.08.27 17:29:30 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\TS3Client
[2012.03.08 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\ts3overlay
[2012.10.29 01:14:04 | 000,000,000 | ---D | M] -- C:\Users\Libecek\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

Post by pgmigg » November 2nd, 2012, 11:19 am

Hello gorf,

Good job! :D Let's continue our treatment...

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oT117Mp&i=26
    [2012.03.31 20:15:25 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    O3 - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
    O4 - HKU\S-1-5-21-618347355-2767662451-920019664-1001..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
    
    :Files
    C:\ProgramData\GadgetBox
    C:\Program Files\GadgetBox
    C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite
    C:\Users\Libecek\AppData\Roaming\uTorrent
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1F0B92E6-78E5-4AE1-A0ED-3AAE4F732D9F}" =-
    "{3F3CFB08-F8F1-454D-B3BB-1A96FC829E3D}" =-
    "{5AD89D12-B86C-4367-B3F2-0A62C4AF60FA}" =-
    "{799BED5C-A4F0-496A-8DCB-CBCBCE07B2CE}" =-
    "{86C2569F-D082-4FD6-B59A-95CFE72398EE}" =-
    "{8E58D2BF-AED6-4C91-A393-860C0699F3BB}" =-
    "{A5156422-AC4C-4902-8927-A3AC865B541D}" =-
    "{A549B04E-D3F4-4C02-8667-29FE5BF2F5F1}" =-
    "{B2BFE08F-E543-408D-BFFD-1EDE8515F838}" =-
    "{DEAC0DEA-72E8-4031-A055-E9F4DA14C459}" =-
    "{E41105BB-F6CD-41FA-BE2C-1604FA1B8DD1}" =-
    "TCP Query User{76A6C9B0-0C97-4098-997A-45D481FCD062}C:\programdata\battle.net\agent\agent.749\agent.exe" =-
    "UDP Query User{B497FBEF-FFD6-4AF0-A59E-A0F38A714034}C:\programdata\battle.net\agent\agent.749\agent.exe" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" =-
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:

    Code: Select all
    :filefind
    *uTorrent*
    *alotappbar*
    *Battlefield*
    *Battlelog*
    *BattlEye*
    *Bandoo*
    *Blekko*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *Funmoods*
    *GadgetBox*
    *gboxapp*
    *iLivid*
    *Incredibar*
    *IObit*
    *PunkBuster*
    *Searchnu*
    *Searchqu*
    *trolltech*
    *Vuze*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *uTorrent*
    *alotappbar*
    *Bandoo*
    *Battlefield*
    *Battlelog*
    *BattlEye*
    *Blekko*
    *Conduit*
    *datamngr*
    *Fun4IM*
    *Funmoods*
    *GadgetBox*
    *gboxapp*
    *iLivid*
    *Incredibar*
    *IObit*
    *PunkBuster*
    *Searchnu*
    *Searchqu*
    *trolltech*
    *Vuze*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    uTorrent
    alotappbar
    Bandoo
    Battlefield
    Battlelog
    BattlEye
    Blekko
    Conduit
    datamngr
    Fun4IM
    Funmoods
    GadgetBox
    gboxapp
    iLivid
    Incredibar
    IObit
    PunkBuster
    Searchnu
    Searchqu
    trolltech
    Vuze
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
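
The `:OTL` part of the fix script in Step 2 is built from browser-hijack lines picked out of the OTL log. The following is an added example (not part of pgmigg's post and not OTL's own code) that parses the "IE -" lines of that log and flags the same kinds of entries. The expected-host allowlist and the "hook DLL must live under C:\Windows" rule are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the search providers this user expects to see.
EXPECTED_HOST_SUFFIXES = ("bing.com", "google.com")

# "IE -" lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r'''
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oT117Mp&i=26
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\..\SearchScopes\{F32AE9E6-5369-4DF2-A66F-C0950D694C41}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

GUID = r"\{([0-9A-Fa-f-]{36})\}"
# Hive is HKLM, or HKU plus the SID / profile name that follows it.
HIVE_RE = re.compile(r"^IE - (HKLM|HKU\\[^\\]+)\\")
PATTERNS = [
    ("scope_url", re.compile(r"SearchScopes\\" + GUID + r': "URL" = (\S+)$')),
    ("start_page", re.compile(r"Main,Start Page = (\S+)$")),
    ("default_scope", re.compile(r"SearchScopes,DefaultScope = " + GUID + r"$")),
    ("hook", re.compile(r"URLSearchHook: (?:" + GUID + r" )?- (.+)$")),
]


def parse_line(line):
    """Return (hive, kind, guid, value) for a recognised 'IE -' line, else None."""
    line = line.strip()
    hive = HIVE_RE.match(line)
    if not hive:
        return None
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if not m:
            continue
        if kind == "start_page":
            guid, value = None, m.group(1)
        elif kind == "default_scope":
            guid, value = m.group(1), None
        else:  # scope_url and hook both capture (guid, value)
            guid, value = m.group(1), m.group(2)
        return hive.group(1), kind, guid.lower() if guid else None, value
    return None


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def host_expected(url):
    # Match on a label boundary so "notbing.com" or "bing.com.example.net"
    # cannot pass as an expected provider.
    host = host_of(url)
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def triage(log_text):
    """Return (hive, kind, guid, reason) for every entry worth a closer look."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # First pass: providers with an unexpected host, keyed per hive, so a
    # DefaultScope line that appears before its provider can still be resolved.
    bad_scopes = {(h, g) for h, k, g, v in entries
                  if k == "scope_url" and not host_expected(v)}
    findings = []
    for hive, kind, guid, value in entries:
        if kind in ("scope_url", "start_page") and not host_expected(value):
            reason = "unexpected host " + host_of(value)
        elif kind == "default_scope" and (hive, guid) in bad_scopes:
            reason = "default scope selects a flagged provider"
        elif kind == "hook" and value.startswith("No CLSID value found"):
            reason = "orphaned hook"
        elif kind == "hook" and not value.lower().startswith("c:\\windows\\"):
            reason = "hook DLL outside C:\\Windows"
        else:
            continue
        findings.append((hive, kind, guid, reason))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list, not a removal list: each flagged line still needs a human decision before it goes into a fix script.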

Re: cannot get rid of gboxapp in my browser

Post by gorf » November 3rd, 2012, 7:52 am

Hello,

no problems at all during all steps.

12:38:38.0583 1040 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
12:38:40.0192 1040 ============================================================
12:38:40.0192 1040 Current date / time: 2012/11/03 12:38:40.0192
12:38:40.0192 1040 SystemInfo:
12:38:40.0192 1040
12:38:40.0192 1040 OS Version: 6.1.7601 ServicePack: 1.0
12:38:40.0192 1040 Product type: Workstation
12:38:40.0192 1040 ComputerName: LIBECEK-PC
12:38:40.0192 1040 UserName: Libecek
12:38:40.0192 1040 Windows directory: C:\Windows
12:38:40.0192 1040 System windows directory: C:\Windows
12:38:40.0192 1040 Processor architecture: Intel x86
12:38:40.0192 1040 Number of processors: 2
12:38:40.0192 1040 Page size: 0x1000
12:38:40.0192 1040 Boot type: Normal boot
12:38:40.0192 1040 ============================================================
12:38:41.0067 1040 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:38:41.0067 1040 ============================================================
12:38:41.0067 1040 \Device\Harddisk0\DR0:
12:38:41.0067 1040 MBR partitions:
12:38:41.0067 1040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
12:38:41.0067 1040 ============================================================
12:38:41.0083 1040 C: <-> \Device\Harddisk0\DR0\Partition1
12:38:41.0083 1040 ============================================================
12:38:41.0083 1040 Initialize success
12:38:41.0083 1040 ============================================================
12:38:45.0098 4280 ============================================================
12:38:45.0098 4280 Scan started
12:38:45.0098 4280 Mode: Manual;
12:38:45.0098 4280 ============================================================
12:38:45.0301 4280 ================ Scan system memory ========================
12:38:45.0301 4280 System memory - ok
12:38:45.0301 4280 ================ Scan services =============================
12:38:53.0333 4280 PNRPAutoReg - ok
12:38:53.0348 4280 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:38:53.0348 4280 PNRPsvc - ok
12:38:53.0379 4280 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:38:53.0395 4280 PolicyAgent - ok
12:38:53.0426 4280 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:38:53.0442 4280 Power - ok
12:38:53.0458 4280 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:38:53.0473 4280 PptpMiniport - ok
12:38:53.0473 4280 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:38:53.0473 4280 Processor - ok
12:38:53.0504 4280 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
12:38:53.0520 4280 ProfSvc - ok
12:38:53.0520 4280 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:38:53.0520 4280 ProtectedStorage - ok
12:38:53.0551 4280 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:38:53.0551 4280 Psched - ok
12:38:53.0598 4280 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:38:53.0614 4280 ql2300 - ok
12:38:53.0629 4280 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:38:53.0629 4280 ql40xx - ok
12:38:53.0676 4280 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:38:53.0676 4280 QWAVE - ok
12:38:53.0676 4280 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:38:53.0692 4280 QWAVEdrv - ok
12:38:53.0692 4280 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:38:53.0692 4280 RasAcd - ok
12:38:53.0723 4280 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:38:53.0723 4280 RasAgileVpn - ok
12:38:53.0723 4280 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:38:53.0739 4280 RasAuto - ok
12:38:53.0739 4280 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:38:53.0739 4280 Rasl2tp - ok
12:38:53.0786 4280 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:38:53.0786 4280 RasMan - ok
12:38:53.0801 4280 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:38:53.0801 4280 RasPppoe - ok
12:38:53.0801 4280 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:38:53.0801 4280 RasSstp - ok
12:38:53.0848 4280 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:38:53.0864 4280 rdbss - ok
12:38:53.0879 4280 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:38:53.0879 4280 rdpbus - ok
12:38:53.0895 4280 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:38:53.0895 4280 RDPCDD - ok
12:38:53.0911 4280 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:38:53.0926 4280 RDPDR - ok
12:38:53.0942 4280 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:38:53.0942 4280 RDPENCDD - ok
12:38:53.0958 4280 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:38:53.0958 4280 RDPREFMP - ok
12:38:53.0989 4280 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:38:53.0989 4280 RDPWD - ok
12:38:54.0036 4280 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:38:54.0036 4280 rdyboost - ok
12:38:54.0051 4280 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:38:54.0067 4280 RemoteAccess - ok
12:38:54.0083 4280 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:38:54.0083 4280 RemoteRegistry - ok
12:38:54.0114 4280 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:38:54.0114 4280 RpcEptMapper - ok
12:38:54.0114 4280 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:38:54.0114 4280 RpcLocator - ok
12:38:54.0129 4280 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
12:38:54.0145 4280 RpcSs - ok
12:38:54.0161 4280 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:38:54.0161 4280 rspndr - ok
12:38:54.0192 4280 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:38:54.0192 4280 s3cap - ok
12:38:54.0192 4280 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:38:54.0192 4280 SamSs - ok
12:38:54.0223 4280 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:38:54.0223 4280 sbp2port - ok
12:38:54.0254 4280 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:38:54.0254 4280 SCardSvr - ok
12:38:54.0254 4280 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:38:54.0254 4280 scfilter - ok
12:38:54.0286 4280 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:38:54.0301 4280 Schedule - ok
12:38:54.0317 4280 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:38:54.0317 4280 SCPolicySvc - ok
12:38:54.0333 4280 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:38:54.0333 4280 SDRSVC - ok
12:38:54.0364 4280 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:38:54.0364 4280 secdrv - ok
12:38:54.0364 4280 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:38:54.0379 4280 seclogon - ok
12:38:54.0395 4280 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
12:38:54.0411 4280 SENS - ok
12:38:54.0426 4280 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:38:54.0426 4280 SensrSvc - ok
12:38:54.0458 4280 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:38:54.0458 4280 Serenum - ok
12:38:54.0489 4280 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:38:54.0489 4280 Serial - ok
12:38:54.0520 4280 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:38:54.0520 4280 sermouse - ok
12:38:54.0551 4280 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:38:54.0551 4280 SessionEnv - ok
12:38:54.0567 4280 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:38:54.0567 4280 sffdisk - ok
12:38:54.0567 4280 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:38:54.0567 4280 sffp_mmc - ok
12:38:54.0583 4280 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:38:54.0583 4280 sffp_sd - ok
12:38:54.0598 4280 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:38:54.0598 4280 sfloppy - ok
12:38:54.0629 4280 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:38:54.0645 4280 SharedAccess - ok
12:38:54.0676 4280 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:38:54.0676 4280 ShellHWDetection - ok
12:38:54.0692 4280 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:38:54.0692 4280 sisagp - ok
12:38:54.0723 4280 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:38:54.0723 4280 SiSRaid2 - ok
12:38:54.0723 4280 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:38:54.0739 4280 SiSRaid4 - ok
12:38:54.0770 4280 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:38:54.0770 4280 Smb - ok
12:38:54.0801 4280 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:38:54.0801 4280 SNMPTRAP - ok
12:38:54.0817 4280 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:38:54.0817 4280 spldr - ok
12:38:54.0848 4280 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:38:54.0848 4280 Spooler - ok
12:38:54.0942 4280 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:38:54.0958 4280 sppsvc - ok
12:38:54.0989 4280 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:38:54.0989 4280 sppuinotify - ok
12:38:55.0020 4280 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:38:55.0020 4280 srv - ok
12:38:55.0036 4280 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:38:55.0036 4280 srv2 - ok
12:38:55.0067 4280 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:38:55.0067 4280 srvnet - ok
12:38:55.0083 4280 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:38:55.0083 4280 SSDPSRV - ok
12:38:55.0098 4280 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:38:55.0098 4280 SstpSvc - ok
12:38:55.0129 4280 Steam Client Service - ok
12:38:55.0145 4280 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:38:55.0161 4280 stexstor - ok
12:38:55.0176 4280 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:38:55.0192 4280 StiSvc - ok
12:38:55.0223 4280 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:38:55.0223 4280 storflt - ok
12:38:55.0239 4280 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
12:38:55.0239 4280 StorSvc - ok
12:38:55.0254 4280 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:38:55.0254 4280 storvsc - ok
12:38:55.0286 4280 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:38:55.0286 4280 swenum - ok
12:38:55.0301 4280 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:38:55.0301 4280 swprv - ok
12:38:55.0333 4280 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:38:55.0348 4280 SysMain - ok
12:38:55.0364 4280 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:38:55.0364 4280 TabletInputService - ok
12:38:55.0395 4280 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:38:55.0395 4280 TapiSrv - ok
12:38:55.0426 4280 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:38:55.0426 4280 TBS - ok
12:38:55.0458 4280 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:38:55.0473 4280 Tcpip - ok
12:38:55.0504 4280 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:38:55.0504 4280 TCPIP6 - ok
12:38:55.0536 4280 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:38:55.0536 4280 tcpipreg - ok
12:38:55.0567 4280 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:38:55.0567 4280 TDPIPE - ok
12:38:55.0583 4280 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:38:55.0583 4280 TDTCP - ok
12:38:55.0614 4280 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:38:55.0614 4280 tdx - ok
12:38:55.0645 4280 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:38:55.0661 4280 TermDD - ok
12:38:55.0708 4280 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:38:55.0708 4280 TermService - ok
12:38:55.0739 4280 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:38:55.0739 4280 Themes - ok
12:38:55.0754 4280 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:38:55.0754 4280 THREADORDER - ok
12:38:55.0770 4280 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:38:55.0770 4280 TrkWks - ok
12:38:55.0801 4280 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:38:55.0801 4280 TrustedInstaller - ok
12:38:55.0817 4280 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:38:55.0817 4280 tssecsrv - ok
12:38:55.0848 4280 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:38:55.0848 4280 TsUsbFlt - ok
12:38:55.0879 4280 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:38:55.0879 4280 tunnel - ok
12:38:55.0911 4280 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:38:55.0911 4280 uagp35 - ok
12:38:55.0926 4280 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:38:55.0942 4280 udfs - ok
12:38:55.0958 4280 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:38:55.0958 4280 UI0Detect - ok
12:38:55.0989 4280 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:38:55.0989 4280 uliagpkx - ok
12:38:56.0004 4280 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:38:56.0004 4280 umbus - ok
12:38:56.0020 4280 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:38:56.0020 4280 UmPass - ok
12:38:56.0051 4280 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
12:38:56.0051 4280 UmRdpService - ok
12:38:56.0067 4280 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:38:56.0067 4280 upnphost - ok
12:38:56.0098 4280 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
12:38:56.0098 4280 usbccgp - ok
12:38:56.0114 4280 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:38:56.0114 4280 usbcir - ok
12:38:56.0129 4280 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:38:56.0145 4280 usbehci - ok
12:38:56.0176 4280 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:38:56.0176 4280 usbhub - ok
12:38:56.0176 4280 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:38:56.0192 4280 usbohci - ok
12:38:56.0192 4280 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:38:56.0192 4280 usbprint - ok
12:38:56.0223 4280 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:38:56.0223 4280 USBSTOR - ok
12:38:56.0239 4280 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:38:56.0239 4280 usbuhci - ok
12:38:56.0254 4280 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:38:56.0254 4280 UxSms - ok
12:38:56.0270 4280 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:38:56.0270 4280 VaultSvc - ok
12:38:56.0286 4280 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:38:56.0286 4280 vdrvroot - ok
12:38:56.0317 4280 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:38:56.0317 4280 vds - ok
12:38:56.0333 4280 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:38:56.0333 4280 vga - ok
12:38:56.0348 4280 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:38:56.0348 4280 VgaSave - ok
12:38:56.0364 4280 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:38:56.0364 4280 vhdmp - ok
12:38:56.0426 4280 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:38:56.0426 4280 viaagp - ok
12:38:56.0473 4280 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:38:56.0489 4280 ViaC7 - ok
12:38:56.0520 4280 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:38:56.0520 4280 viaide - ok
12:38:56.0583 4280 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:38:56.0583 4280 vmbus - ok
12:38:56.0598 4280 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:38:56.0598 4280 VMBusHID - ok
12:38:56.0614 4280 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:38:56.0614 4280 volmgr - ok
12:38:56.0661 4280 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:38:56.0661 4280 volmgrx - ok
12:38:56.0661 4280 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:38:56.0676 4280 volsnap - ok
12:38:56.0708 4280 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:38:56.0708 4280 vsmraid - ok
12:38:56.0739 4280 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:38:56.0739 4280 VSS - ok
12:38:56.0786 4280 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:38:56.0786 4280 vwifibus - ok
12:38:56.0801 4280 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:38:56.0801 4280 W32Time - ok
12:38:56.0817 4280 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:38:56.0817 4280 WacomPen - ok
12:38:56.0848 4280 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:38:56.0848 4280 WANARP - ok
12:38:56.0864 4280 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:38:56.0864 4280 Wanarpv6 - ok
12:38:56.0911 4280 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:38:56.0926 4280 WatAdminSvc - ok
12:38:56.0958 4280 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:38:56.0973 4280 wbengine - ok
12:38:56.0989 4280 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:38:57.0004 4280 WbioSrvc - ok
12:38:57.0036 4280 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:38:57.0036 4280 wcncsvc - ok
12:38:57.0051 4280 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:38:57.0051 4280 WcsPlugInService - ok
12:38:57.0083 4280 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:38:57.0083 4280 Wd - ok
12:38:57.0114 4280 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:38:57.0114 4280 Wdf01000 - ok
12:38:57.0145 4280 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:38:57.0145 4280 WdiServiceHost - ok
12:38:57.0145 4280 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:38:57.0145 4280 WdiSystemHost - ok
12:38:57.0176 4280 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:38:57.0176 4280 WebClient - ok
12:38:57.0192 4280 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:38:57.0192 4280 Wecsvc - ok
12:38:57.0223 4280 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:38:57.0223 4280 wercplsupport - ok
12:38:57.0254 4280 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:38:57.0254 4280 WerSvc - ok
12:38:57.0270 4280 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:38:57.0270 4280 WfpLwf - ok
12:38:57.0301 4280 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:38:57.0301 4280 WIMMount - ok
12:38:57.0348 4280 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:38:57.0364 4280 WinDefend - ok
12:38:57.0364 4280 WinHttpAutoProxySvc - ok
12:38:57.0411 4280 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:38:57.0411 4280 Winmgmt - ok
12:38:57.0473 4280 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:38:57.0473 4280 WinRM - ok
12:38:57.0504 4280 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:38:57.0504 4280 WinUsb - ok
12:38:57.0567 4280 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:38:57.0567 4280 Wlansvc - ok
12:38:57.0661 4280 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:38:57.0676 4280 wlidsvc - ok
12:38:57.0692 4280 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:38:57.0692 4280 WmiAcpi - ok
12:38:57.0723 4280 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:38:57.0723 4280 wmiApSrv - ok
12:38:57.0786 4280 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:38:57.0786 4280 WMPNetworkSvc - ok
12:38:57.0817 4280 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:38:57.0817 4280 WPCSvc - ok
12:38:57.0848 4280 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:38:57.0848 4280 WPDBusEnum - ok
12:38:57.0864 4280 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:38:57.0864 4280 ws2ifsl - ok
12:38:57.0895 4280 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
12:38:57.0895 4280 wscsvc - ok
12:38:57.0895 4280 WSearch - ok
12:38:57.0958 4280 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:38:57.0958 4280 wuauserv - ok
12:38:57.0989 4280 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:38:57.0989 4280 WudfPf - ok
12:38:58.0036 4280 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:38:58.0036 4280 WUDFRd - ok
12:38:58.0083 4280 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:38:58.0098 4280 wudfsvc - ok
12:38:58.0129 4280 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:38:58.0129 4280 WwanSvc - ok
12:38:58.0145 4280 ================ Scan global ===============================
12:38:58.0161 4280 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:38:58.0208 4280 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
12:38:58.0208 4280 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
12:38:58.0223 4280 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:38:58.0239 4280 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:38:58.0239 4280 [Global] - ok
12:38:58.0239 4280 ================ Scan MBR ==================================
12:38:58.0254 4280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:38:58.0473 4280 \Device\Harddisk0\DR0 - ok
12:38:58.0473 4280 ================ Scan VBR ==================================
12:38:58.0473 4280 [ B67A4BE1FBD409FC44239E438160E8DD ] \Device\Harddisk0\DR0\Partition1
12:38:58.0489 4280 \Device\Harddisk0\DR0\Partition1 - ok
12:38:58.0489 4280 ============================================================
12:38:58.0489 4280 Scan finished
12:38:58.0489 4280 ============================================================
12:38:58.0489 4160 Detected object count: 0
12:38:58.0489 4160 Actual detected object count: 0
12:39:06.0536 1984 Deinitialize success
gorf

Re: cannot get rid of gboxapp in my browser

by gorf » November 3rd, 2012, 7:55 am

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\ deleted successfully.
C:\Program Files\GadgetBox\gadgetBoxTB.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-618347355-2767662451-920019664-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\ not found.
File C:\Program Files\GadgetBox\gadgetBoxTB.dll not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}\ not found.
File C:\Program Files\GadgetBox\gadgetBoxTB.dll not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
========== FILES ==========
C:\ProgramData\GadgetBox\js folder moved successfully.
C:\ProgramData\GadgetBox\img folder moved successfully.
C:\ProgramData\GadgetBox\css folder moved successfully.
C:\ProgramData\GadgetBox folder moved successfully.
C:\Program Files\GadgetBox folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\lib\jqplot folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\lib\datejs folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\lib folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\PageManager folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo\Page folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\MediaInfo folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\DT folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\img folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo\css folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\MediaInfo folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\ImageInfoCache folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite\IconsCache folder moved successfully.
C:\Users\Libecek\AppData\Roaming\DAEMON Tools Lite folder moved successfully.
C:\Users\Libecek\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Libecek\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Libecek\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Libecek\AppData\Roaming\uTorrent folder moved successfully.
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Users\Libecek\Desktop\cmd.bat deleted successfully.
C:\Users\Libecek\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F0B92E6-78E5-4AE1-A0ED-3AAE4F732D9F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F0B92E6-78E5-4AE1-A0ED-3AAE4F732D9F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F3CFB08-F8F1-454D-B3BB-1A96FC829E3D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F3CFB08-F8F1-454D-B3BB-1A96FC829E3D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AD89D12-B86C-4367-B3F2-0A62C4AF60FA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AD89D12-B86C-4367-B3F2-0A62C4AF60FA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{799BED5C-A4F0-496A-8DCB-CBCBCE07B2CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799BED5C-A4F0-496A-8DCB-CBCBCE07B2CE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86C2569F-D082-4FD6-B59A-95CFE72398EE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86C2569F-D082-4FD6-B59A-95CFE72398EE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E58D2BF-AED6-4C91-A393-860C0699F3BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E58D2BF-AED6-4C91-A393-860C0699F3BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5156422-AC4C-4902-8927-A3AC865B541D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5156422-AC4C-4902-8927-A3AC865B541D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A549B04E-D3F4-4C02-8667-29FE5BF2F5F1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A549B04E-D3F4-4C02-8667-29FE5BF2F5F1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2BFE08F-E543-408D-BFFD-1EDE8515F838} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2BFE08F-E543-408D-BFFD-1EDE8515F838}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEAC0DEA-72E8-4031-A055-E9F4DA14C459} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEAC0DEA-72E8-4031-A055-E9F4DA14C459}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E41105BB-F6CD-41FA-BE2C-1604FA1B8DD1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E41105BB-F6CD-41FA-BE2C-1604FA1B8DD1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{76A6C9B0-0C97-4098-997A-45D481FCD062}C:\programdata\battle.net\agent\agent.749\agent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B497FBEF-FFD6-4AF0-A59E-A0F38A714034}C:\programdata\battle.net\agent\agent.749\agent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Libecek
->Temp folder emptied: 893942440 bytes
->Temporary Internet Files folder emptied: 39454885 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 176331720 bytes
->Flash cache emptied: 926 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80094 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1220608 bytes

Total Files Cleaned = 1 060,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Libecek
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Libecek
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11032012_124755

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm

Re: cannot get rid of gboxapp in my browser

Unread postby gorf » November 3rd, 2012, 8:05 am

SystemLook 30.07.11 by jpshortstuff
Log created at 12:58 on 03/11/2012 by Libecek
Administrator - Elevation successful

========== filefind ==========

Searching for "*uTorrent*"
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bar.utorrent.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:15 31/03/2012] CC5921EF33CF5FC94F8B7860131E41F7
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage --a---- 3072 bytes [19:22 28/10/2012] [19:23 28/10/2012] EF466D74CF7C29AEBAB324FE96C83B96
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_toolbar.utorrent.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:23 28/10/2012] 35FF8E43580DAFADE1909BE70EAD7A7D
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage --a---- 3072 bytes [19:11 28/10/2012] [19:11 28/10/2012] 031F3543DC76667732C97BD764C69D76
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.cz_0.localstorage-journal --a---- 3608 bytes [19:11 28/10/2012] [19:11 28/10/2012] 736CE6578D15D039A03DD58CDB10F82B
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:22 28/10/2012] 66B0A5A8CAEF4D9807E4A23189E76462
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:22 28/10/2012] F8685EDF727D74CA02145F1F7BF943A9
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.utorrent.cz_0.localstorage --a---- 3072 bytes [19:17 31/03/2012] [19:17 31/03/2012] 690B7AC843B8DF40AD6EF813498F8AF9
C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PJGYPJ5I\bar.utorrent[1].xml --a---- 84 bytes [08:42 01/04/2012] [08:43 01/04/2012] F048F21F94DE74F8C0FB0290EAA91A7E
C:\Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup (1).lnk --a---- 622 bytes [19:15 31/03/2012] [19:15 31/03/2012] 61D71033488DF2F4DDB14A653702DC79
C:\Users\Libecek\AppData\Roaming\Microsoft\Windows\Recent\utorrent-setup.lnk --a---- 512 bytes [19:13 31/03/2012] [19:19 28/10/2012] 1E06F5B901A96989A4374F156EDF4165
C:\Users\Libecek\Downloads\utorrent-setup.zip --a---- 901385 bytes [19:19 28/10/2012] [19:19 28/10/2012] 8C0C3CD397975E1FABE971F45B00BF9F
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\utorrentcontrol2.jar --a---- 713528 bytes [19:15 31/03/2012] [10:46 07/03/2012] 99BD2EF4098E97629E7B743334391221
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\uTorrent\utorrent.lng --a---- 56132 bytes [13:12 20/10/2012] [13:12 20/10/2012] 384A64A417AB98EC284C3A365A3DFEF5

Searching for "*alotappbar*"
No files found.

Searching for "*Battlefield*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Battlefield 3.lnk --a---- 1146 bytes [20:38 23/09/2012] [20:38 23/09/2012] 12B202F4FAD7F6081690F1BD4C0FA0AA
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk --a---- 206 bytes [20:38 23/09/2012] [20:38 23/09/2012] 444F0CBDE0C9153237B26610451816C9
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Battlefield 3.lnk --a---- 1146 bytes [20:38 23/09/2012] [20:38 23/09/2012] 12B202F4FAD7F6081690F1BD4C0FA0AA
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Battlefield 3™.lnk --a---- 206 bytes [20:38 23/09/2012] [20:38 23/09/2012] 444F0CBDE0C9153237B26610451816C9
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage --a---- 2272256 bytes [14:38 24/09/2012] [22:10 31/10/2012] 4A709610FA788AE5508A47D7A24B7F87
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal --a---- 16384 bytes [14:38 24/09/2012] [22:10 31/10/2012] 550B4C783F19F654EE360D61CC573F72
C:\Users\Public\Desktop\Battlefield 3.lnk --a---- 1128 bytes [20:38 23/09/2012] [20:38 23/09/2012] 78925D08FCF97DFEF051F40E5D9943E8

Searching for "*Battlelog*"
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage --a---- 2272256 bytes [14:38 24/09/2012] [22:10 31/10/2012] 4A709610FA788AE5508A47D7A24B7F87
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_battlelog.battlefield.com_0.localstorage-journal --a---- 16384 bytes [14:38 24/09/2012] [22:10 31/10/2012] 550B4C783F19F654EE360D61CC573F72
C:\Users\Libecek\Downloads\battlelog-web-plugins-1.132.0-retail-prod.exe --a---- 3878360 bytes [16:56 24/09/2012] [16:56 24/09/2012] 5B7641335EF419600D9CE8C77DE7E5D1

Searching for "*BattlEye*"
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2oa.exe --a---- 3783816 bytes [07:07 13/06/2012] [07:07 13/06/2012] C089D3E9AFE1AA93C97E9303E1A26FB7
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\setup_battleyearma2rft.exe --a---- 3755144 bytes [07:07 13/06/2012] [07:07 13/06/2012] 98E55B122720B342AF5D95D225C90E96
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2oa.exe.gz --a---- 1927733 bytes [07:07 13/06/2012] [16:06 24/04/2012] E8C9A358E9E1052FAF5BC21F203855B1
C:\Program Files\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\.rsync\.pack\setup_battleyearma2rft.exe.gz --a---- 1912483 bytes [07:07 13/06/2012] [16:06 24/04/2012] 1EAC27FB99FB68D0D0D107B7D7BC7DEF

Searching for "*Bandoo*"
No files found.

Searching for "*Blekko*"
No files found.

Searching for "*Conduit*"
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage --a---- 3072 bytes [19:19 31/03/2012] [19:19 31/03/2012] 0324BD9051F32C53F820E0BA755D1B52
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:23 28/10/2012] 59AD8273E24EA317475E089B265E50DA
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:23 28/10/2012] 731D705EF898EFEA193A7FBBCE8D98E0
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage --a---- 3072 bytes [19:15 31/03/2012] [19:23 28/10/2012] 59AD8273E24EA317475E089B265E50DA
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [19:22 28/10/2012] [19:23 28/10/2012] EE64025D7638FECBF61CCAA34BC052DC
C:\Users\Libecek\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_CZ.xml --a---- 192 bytes [08:43 01/04/2012] [13:20 02/04/2012] F159884E3BCD46C383F9086F4BF788C1
C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\FGSE5H6Z\youtube.conduitapps[1].xml --a---- 13 bytes [08:42 01/04/2012] [08:42 01/04/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Libecek\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NS24HMH5\facebook.conduitapps[1].xml --a---- 13 bytes [08:42 01/04/2012] [08:42 01/04/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\ConduitAbstractionLayer.js ------- 30362 bytes [19:22 28/10/2012] [20:10 27/08/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo-OLD.png ------- 1305 bytes [19:22 28/10/2012] [20:10 27/08/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo.png ------- 3926 bytes [19:22 28/10/2012] [20:10 27/08/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin\conduitToolBarStyle.css ------- 3 bytes [19:22 28/10/2012] [20:10 27/08/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib\log4conduit.jsm ------- 760 bytes [19:22 28/10/2012] [20:10 27/08/2012] 93898FE6A232C5FCD838D8168F65D802
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\ConduitAutoCompleteSearch.js --a---- 9052 bytes [19:15 31/03/2012] [10:46 07/03/2012] AF98421711C6CFA73D6720C455D92DAC
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [19:15 31/03/2012] [10:46 07/03/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin\conduit.xml --a---- 935 bytes [19:15 31/03/2012] [10:46 07/03/2012] 9680591A24B87500B3F9FD45ACD250E8

Searching for "*datamngr*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*GadgetBox*"
C:\Windows\System32\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1} --a---- 2734 bytes [19:12 28/10/2012] [19:12 28/10/2012] 7B80DCBD7AD151A93F12EBBC9C6809A7
C:\Windows\Tasks\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}.job --ah--- 440 bytes [19:12 28/10/2012] [11:49 03/11/2012] 95D873CD377BA2DD79550E642331C946
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\gadgetBoxTB.dll --a---- 306688 bytes [19:11 28/10/2012] [20:33 09/12/2011] 6F781A30F3168C80D00BA0A199D1CBD9
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox\gadgetBoxTB_new.dll --a---- 306688 bytes [20:33 09/12/2011] [20:33 09/12/2011] 6F781A30F3168C80D00BA0A199D1CBD9
C:\_OTL\MovedFiles\11032012_124755\C_ProgramData\GadgetBox\js\gadgetbox.js --a---- 4284 bytes [15:27 26/12/2011] [15:27 26/12/2011] 8829C3D14E814EB1CBC393BE960E1360

Searching for "*gboxapp*"
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage --a---- 3072 bytes [19:12 28/10/2012] [19:20 02/11/2012] 348385F4136DD453682274653C1E497B
C:\Users\Libecek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.gboxapp.com_0.localstorage-journal --a---- 3608 bytes [19:12 28/10/2012] [19:20 02/11/2012] 99A109562136D7248C741B8F657A67DB

Searching for "*iLivid*"
No files found.

Searching for "*Incredibar*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*PunkBuster*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vuze*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*uTorrent*"
C:\Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_12d5b6a3 d----c- [19:15 31/03/2012]
C:\Users\Libecek\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_2e199c6b83d0beef206c8626cd88643d7c54d724_14ca4537 d----c- [19:15 31/03/2012]
C:\_OTL\MovedFiles\11032012_124755\C_Users\Libecek\AppData\Roaming\uTorrent d------ [19:14 31/03/2012]

Searching for "*alotappbar*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Battlefield*"
C:\Program Files\Common Files\EAInstaller\Battlefield 3 d--h--- [20:38 23/09/2012]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 d------ [20:38 23/09/2012]
C:\ProgramData\Origin\LocalContent\Battlefield 3 d------ [16:09 22/09/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Battlefield 3 d------ [20:38 23/09/2012]
C:\Users\All Users\Origin\LocalContent\Battlefield 3 d------ [16:09 22/09/2012]

Searching for "*Battlelog*"
No folders found.

Searching for "*BattlEye*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye d------ [21:04 12/06/2012]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye d------ [06:42 13/06/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye d------ [21:04 12/06/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\Arma 2 Operation Arrowhead\BattlEye d------ [06:42 13/06/2012]
C:\Users\Libecek\AppData\Local\ArmA 2 OA\BattlEye d------ [07:19 13/06/2012]

Searching for "*Blekko*"
No folders found.

Searching for "*Conduit*"
C:\Program Files\Conduit d------ [19:15 31/03/2012]
C:\Users\Libecek\AppData\Local\Conduit d------ [19:15 31/03/2012]
C:\Users\Libecek\AppData\LocalLow\Conduit d------ [19:15 31/03/2012]

Searching for "*datamngr*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*GadgetBox*"
C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget d------ [19:11 28/10/2012]
C:\_OTL\MovedFiles\11032012_124755\C_Program Files\GadgetBox d------ [19:11 28/10/2012]
C:\_OTL\MovedFiles\11032012_124755\C_ProgramData\GadgetBox d------ [19:11 28/10/2012]

Searching for "*gboxapp*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*Incredibar*"
C:\Users\Libecek\AppData\LocalLow\Incredibar.com d------ [01:09 29/10/2012]
C:\Users\Libecek\AppData\LocalLow\Incredibar.com\incredibar d------ [01:09 29/10/2012]

Searching for "*IObit*"
No folders found.

Searching for "*PunkBuster*"
C:\Users\Libecek\AppData\Local\PunkBuster d------ [17:02 24/09/2012]
C:\Windows\System32\LogFiles\PunkBuster d------ [20:37 23/09/2012]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vuze*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "uTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_CURRENT_USER\Software\WinRAR\ArcHistory]
"1"="C:\Users\Libecek\Downloads\utorrent-setup.zip"
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\WinRAR\ArcHistory]
"1"="C:\Users\Libecek\Downloads\utorrent-setup.zip"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""

Searching for "alotappbar"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Battlefield"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
@="{0.0.0.00000000}.{56df8135-814c-4a11-887e-b9aae5dbb8e5}|\Device\HarddiskVolume1\Program Files\Origin Games\Battlefield 3\bf3.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}]
"ConfigApplicationPath"="C:\Program Files\Origin Games\Battlefield 3\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}]
"ConfigGDFBinaryPath"="C:\Program Files\Origin Games\Battlefield 3\GDFBinary_ru_RU.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}]
"AppExePath"="C:\Program Files\Origin Games\Battlefield 3\bf3.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}]
"Title"="Battlefield 3™"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F92227AA-6DFB-482D-A820-74FB991FBBDF}]
"Description"="Battlefield 3™"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
"DisplayName"="Battlefield 3™"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
"DisplayIcon"=""C:\Program Files\Origin Games\Battlefield 3\bf3.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
"UninstallString"=""C:\Program Files\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
"InstallLocation"="C:\Program Files\Origin Games\Battlefield 3\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
"HelpLink"="C:\Program Files\Origin Games\Battlefield 3\Support\EA Help\Electronic_Arts_Technical_Support.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}]
"Readme"="C:\Program Files\Origin Games\Battlefield 3\Support\Readme.lnk"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9ad7d59e_0]
@="{0.0.0.00000000}.{56df8135-814c-4a11-887e-b9aae5dbb8e5}|\Device\HarddiskVolume1\Program Files\Origin Games\Battlefield 3\bf3.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "Battlelog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\InprocServer32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEFE841-DCA1-4A95-80CB-BE935D018400}\ToolboxBitmap32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D65F2511-B60B-4AA3-8563-E8DFD1303132}\InprocServer32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{33616ACD-BF93-4F0E-97EB-A2A8D3018400}\1.0\0\win32]
@="C:\Program Files\Battlelog Web Plugins\1.132.0\ESNLaunchAx.ocx"

Searching for "BattlEye"
No data found.

Searching for "Blekko"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Conduit]

Searching for "datamngr"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "GadgetBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\0\win32]
@="C:\Program Files\GadgetBox\gadgetBoxTB.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}\1.0\HELPDIR]
@="C:\Program Files\GadgetBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4D2CEBF-BBC4-4C63-96B8-D7ADBABC1A2B}]
"Path"="\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GadgetBox UpdaterUpdaterTask{15CEFCF4-3899-406F-89C8-6FF0534A62C1}]

Searching for "gboxapp"
No data found.

Searching for "iLivid"
No data found.

Searching for "Incredibar"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar]
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl]
"InstallDir"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl]
"InstallDir"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001_Classes\VirtualStore\MACHINE\SOFTWARE\Incredibar.com\incredibar\Instl]
"InstallDir"="C:\Program Files\Incredibar.com\incredibar\1.5.11.14"

Searching for "IObit"
No data found.

Searching for "PunkBuster"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-618347355-2767662451-920019664-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vuze"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
gorf
Regular Member
 
Posts: 20
Joined: October 28th, 2012, 9:12 pm