208.73.210.29 blocked by M.Anti-Malware, cannot open some sites in any browser

208.73.210.29 cannot open sites isohunt

  • This topic is locked
79 replies to this topic

#1 DejanS

Posted 14 April 2012 - 06:53 PM

Hi :)
During the last few days M.Anti-Malware often blocked access to malicious address 208.73.210.29.
It didn’t happen before. At the same time, I have noticed that I cannot open Yahoo email page from messenger.
Also, I can't send any file in Yahoo messenger - every time I try, the upload is stopped at the end.
Then it started making jokes with Isohunt site.
I can open their home page only if I have cleaned the cache/browsing history.
Every later attempt finishes with "Problem accessing page...".
No matter which browser I used (Mozilla, Chrome, IE..) I can’t get to that site, and often to some other where Isohunt is mentioned.
I attached a friend’s laptop to my internet cable and there are no similar problems, so it seems the problem is in my PC.
I scanned it with Spybot S&D, with my AV (NOD32), with Ad-Aware... No infections.
Latest warning from NOD32 said that it blocked svchost.exe from connecting to malicious site.
Please, can you help me to find the 'alien' or 'aliens'? Why can't I get to some sites?
Thanks, in advance :)
Dejan

P.S. I checked the "Hosts" file in Windows (I use XP) and it's clean - no entries there.

#2 Maniac

Posted 15 April 2012 - 04:05 AM

Hello Dejan and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Please uninstall µTorrent, because it is against our policy:
http://forums.malwar...showtopic=97700

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. I suggest you uninstall Ad-Aware and leave ESET Smart Security.

Finally, reboot your PC.


Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 DejanS

Posted 15 April 2012 - 07:41 AM

Hi :)
First, thank you so much for help with this problem.
I already had battles against viruses, and always succeeded in removing those...
But, this one seems to be some stubborn beast :)

In my first post I forgot to mention that my net-surf goes slower. For example, youtube videos need 10-15 sec to start (3-4 sec earlier) in all browsers.
I noticed that M.Anti-Malware didn't find anything suspicious. TDSSKiller found 35 suspicious processes, but I am sure some of those are quite harmless (like some processes connected to AMD processor).
I uninstalled uTorrent and Ad-Aware, and did everything else, as proposed.
I hope that attached files will help you to track down what could be problem here.
Thanks, again! :*
Dejan
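
One way to triage a TDSSKiller report like the one discussed in this thread, as an added example that is not part of the thread and not TDSSKiller's own code. It separates objects flagged only as UnsignedFile.Multi.Generic (reported because signature verification was switched on in Step 3) from any other verdict. The bucket names and review order are assumptions of this example, the sample reuses a few lines in the format of the log posted in this thread, and the `ExampleDrv` entry with its verdict is constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: lines in the format of the TDSSKiller log posted in this
# thread. The last two lines (ExampleDrv) are constructed for illustration.
SAMPLE_LOG = r"""
13:59:14.0125 0596 Scan started
13:59:14.0125 0596 Mode: Manual; SigCheck; TDLFS;
13:59:14.0515 0596 Abiosdsk - ok
13:59:15.0156 0596 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:59:15.0328 0596 ACPI - ok
13:59:16.0625 0596 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:59:16.0671 0596 AmdK8 ( UnsignedFile.Multi.Generic ) - warning
13:59:16.0671 0596 AmdK8 - detected UnsignedFile.Multi.Generic (1)
13:59:19.0062 0596 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
13:59:19.0078 0596 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
13:59:19.0078 0596 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
13:59:27.0468 0596 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
13:59:27.0484 0596 giveio ( UnsignedFile.Multi.Generic ) - warning
13:59:27.0484 0596 giveio - detected UnsignedFile.Multi.Generic (1)
13:59:41.0000 0596 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
13:59:41.0015 0596 ExampleDrv ( Example.Placeholder.Verdict ) - warning
"""

# Every log line starts with "HH:MM:SS.mmmm <4-digit thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d{4} (?P<body>.*)$")
# "<name> (<md5>) <path>": the object being scanned; names may contain spaces.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - warning"
WARNING = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
# "<name> - ok"
OK = re.compile(r"^(?P<name>.+?) - ok$")

UNSIGNED = "UnsignedFile.Multi.Generic"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdict: Optional[str] = None


def parse_log(text):
    """Return {object name: Entry} for every scanned object in the log."""
    entries = {}
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # blank lines or lines without the timestamp prefix
        body = m.group("body")
        if (w := WARNING.match(body)):
            e = entries.setdefault(w["name"], Entry(w["name"]))
            e.status, e.verdict = "warning", w["verdict"]
        elif (o := OBJECT.match(body)):
            e = entries.setdefault(o["name"], Entry(o["name"]))
            e.md5, e.path = o["md5"], o["path"]
        elif (k := OK.match(body)):
            entries.setdefault(k["name"], Entry(k["name"])).status = "ok"
        # Header lines and "- detected" summaries are ignored: the
        # warning line already carries the verdict.
    return entries


def triage(entries):
    """Group warnings into review buckets (bucket names are this example's own)."""
    buckets = defaultdict(list)
    for e in entries.values():
        if e.status != "warning":
            continue
        if e.verdict != UNSIGNED:
            # Anything other than "file is unsigned" is looked at first.
            buckets["other_verdict"].append(e.name)
        elif e.path and e.path.lower().endswith(".sys"):
            # Unsigned kernel-mode driver: check vendor and hash by hand.
            buckets["unsigned_kernel_driver"].append(e.name)
        else:
            # Unsigned user-mode service binary.
            buckets["unsigned_user_mode"].append(e.name)
    return dict(buckets)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(bucket)
        for name in names:
            print("   ", name, parsed[name].md5, parsed[name].path)
```

An unsigned verdict only says the file carries no valid digital signature, so each entry still has to be checked against its path and vendor before anything is cured or deleted.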

#4 Maniac

Posted 15 April 2012 - 07:43 AM

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.


Please copy and paste its contents on your next reply.


In your next reply, post the following log files:


#5 DejanS

Posted 15 April 2012 - 09:41 AM

I am sorry for the misunderstanding...

TDSSKiller log:

13:58:41.0843 3792 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
13:58:42.0062 3792 ============================================================
13:58:42.0062 3792 Current date / time: 2012/04/15 13:58:42.0062
13:58:42.0062 3792 SystemInfo:
13:58:42.0062 3792
13:58:42.0062 3792 OS Version: 5.1.2600 ServicePack: 2.0
13:58:42.0062 3792 Product type: Workstation
13:58:42.0062 3792 ComputerName: MOBILE
13:58:42.0062 3792 UserName: User
13:58:42.0062 3792 Windows directory: C:\WINDOWS
13:58:42.0062 3792 System windows directory: C:\WINDOWS
13:58:42.0062 3792 Processor architecture: Intel x86
13:58:42.0062 3792 Number of processors: 2
13:58:42.0062 3792 Page size: 0x1000
13:58:42.0062 3792 Boot type: Normal boot
13:58:42.0062 3792 ============================================================
13:58:43.0531 3792 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:58:43.0562 3792 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:58:43.0562 3792 \Device\Harddisk0\DR0:
13:58:43.0562 3792 MBR used
13:58:43.0562 3792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
13:58:43.0578 3792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x17018D1B
13:58:43.0578 3792 \Device\Harddisk1\DR1:
13:58:43.0578 3792 MBR used
13:58:43.0578 3792 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1869E559
13:58:43.0578 3792 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x186A2459, BlocksNum 0x1869E598
13:58:43.0578 3792 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x30D409F1, BlocksNum 0x9644250
13:58:43.0984 3792 Initialize success
13:58:43.0984 3792 ============================================================
13:59:14.0125 0596 ============================================================
13:59:14.0125 0596 Scan started
13:59:14.0125 0596 Mode: Manual; SigCheck; TDLFS;
13:59:14.0125 0596 ============================================================
13:59:14.0515 0596 Abiosdsk - ok
13:59:14.0531 0596 abp480n5 - ok
13:59:14.0578 0596 acedrv10 (b253d403cf527ff11921ceee193ef465) C:\WINDOWS\system32\drivers\acedrv10.sys
13:59:14.0875 0596 acedrv10 - ok
13:59:14.0921 0596 acehlp10 (77507733dc5e2953960c88da59a5c94b) C:\WINDOWS\system32\drivers\acehlp10.sys
13:59:15.0109 0596 acehlp10 - ok
13:59:15.0156 0596 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:59:15.0328 0596 ACPI - ok
13:59:15.0359 0596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:59:15.0515 0596 ACPIEC - ok
13:59:15.0546 0596 ACS (276a114fd1de8232211f299e90da8e3a) C:\WINDOWS\system32\acs.exe
13:59:15.0562 0596 ACS ( UnsignedFile.Multi.Generic ) - warning
13:59:15.0562 0596 ACS - detected UnsignedFile.Multi.Generic (1)
13:59:15.0609 0596 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:59:15.0625 0596 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:59:15.0625 0596 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:59:15.0640 0596 adpu160m - ok
13:59:15.0656 0596 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
13:59:16.0078 0596 aec - ok
13:59:16.0109 0596 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:59:16.0125 0596 AegisP ( UnsignedFile.Multi.Generic ) - warning
13:59:16.0125 0596 AegisP - detected UnsignedFile.Multi.Generic (1)
13:59:16.0156 0596 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
13:59:16.0203 0596 AFD - ok
13:59:16.0203 0596 Aha154x - ok
13:59:16.0218 0596 aic78u2 - ok
13:59:16.0234 0596 aic78xx - ok
13:59:16.0250 0596 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
13:59:16.0359 0596 Alerter - ok
13:59:16.0390 0596 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
13:59:16.0500 0596 ALG - ok
13:59:16.0500 0596 AliIde - ok
13:59:16.0578 0596 ALSysIO - ok
13:59:16.0625 0596 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:59:16.0671 0596 AmdK8 ( UnsignedFile.Multi.Generic ) - warning
13:59:16.0671 0596 AmdK8 - detected UnsignedFile.Multi.Generic (1)
13:59:16.0687 0596 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
13:59:16.0765 0596 AmdLLD - ok
13:59:16.0781 0596 AMDPCI - ok
13:59:16.0796 0596 amdtools - ok
13:59:16.0828 0596 Amfilter (d716473c4f66c1173d3ca4e679f68743) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
13:59:16.0859 0596 Amfilter ( UnsignedFile.Multi.Generic ) - warning
13:59:16.0859 0596 Amfilter - detected UnsignedFile.Multi.Generic (1)
13:59:16.0875 0596 Amps2prt (f0f3c6865acf65971b9570201dfae68f) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
13:59:16.0906 0596 Amps2prt ( UnsignedFile.Multi.Generic ) - warning
13:59:16.0906 0596 Amps2prt - detected UnsignedFile.Multi.Generic (1)
13:59:16.0906 0596 amsint - ok
13:59:16.0921 0596 Amusbprt (0e264a9acb592f3fd91e742983db6a96) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
13:59:16.0953 0596 Amusbprt ( UnsignedFile.Multi.Generic ) - warning
13:59:16.0953 0596 Amusbprt - detected UnsignedFile.Multi.Generic (1)
13:59:16.0968 0596 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
13:59:17.0078 0596 AppMgmt - ok
13:59:17.0125 0596 AR5211 (3cb8e72b7c9887b42b90000e8cb1e7be) C:\WINDOWS\system32\DRIVERS\ar5211.sys
13:59:17.0187 0596 AR5211 ( UnsignedFile.Multi.Generic ) - warning
13:59:17.0187 0596 AR5211 - detected UnsignedFile.Multi.Generic (1)
13:59:17.0187 0596 asc - ok
13:59:17.0203 0596 asc3350p - ok
13:59:17.0203 0596 asc3550 - ok
13:59:17.0234 0596 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS
13:59:17.0265 0596 ASNDIS5 ( UnsignedFile.Multi.Generic ) - warning
13:59:17.0265 0596 ASNDIS5 - detected UnsignedFile.Multi.Generic (1)
13:59:17.0328 0596 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:59:17.0343 0596 aspnet_state - ok
13:59:17.0390 0596 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:59:17.0515 0596 AsyncMac - ok
13:59:17.0546 0596 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:59:17.0671 0596 atapi - ok
13:59:17.0671 0596 Atdisk - ok
13:59:17.0703 0596 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
13:59:17.0765 0596 atksgt - ok
13:59:17.0796 0596 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:59:17.0937 0596 Atmarpc - ok
13:59:17.0953 0596 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
13:59:18.0078 0596 AudioSrv - ok
13:59:18.0109 0596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:59:18.0265 0596 audstub - ok
13:59:18.0296 0596 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
13:59:18.0375 0596 BCM43XX - ok
13:59:18.0406 0596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:59:18.0562 0596 Beep - ok
13:59:18.0625 0596 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
13:59:18.0890 0596 BITS - ok
13:59:18.0953 0596 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
13:59:18.0968 0596 BlueletAudio - ok
13:59:19.0000 0596 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
13:59:19.0015 0596 BlueletSCOAudio - ok
13:59:19.0062 0596 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
13:59:19.0078 0596 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
13:59:19.0078 0596 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
13:59:19.0093 0596 Browser (39128b5a743545baedd3984c210f00a8) C:\WINDOWS\System32\browser.dll
13:59:19.0531 0596 Browser - ok
13:59:19.0546 0596 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
13:59:19.0562 0596 BT - ok
13:59:19.0593 0596 Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys
13:59:19.0593 0596 Btcsrusb - ok
13:59:19.0625 0596 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
13:59:19.0625 0596 BTHidEnum - ok
13:59:19.0640 0596 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
13:59:19.0656 0596 BTHidMgr - ok
13:59:19.0671 0596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:59:19.0843 0596 cbidf2k - ok
13:59:19.0843 0596 cd20xrnt - ok
13:59:19.0875 0596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:59:20.0031 0596 Cdaudio - ok
13:59:20.0046 0596 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:59:20.0156 0596 Cdfs - ok
13:59:20.0171 0596 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:59:20.0328 0596 Cdrom - ok
13:59:20.0328 0596 Changer - ok
13:59:20.0343 0596 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
13:59:20.0468 0596 CiSvc - ok
13:59:20.0484 0596 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
13:59:20.0593 0596 ClipSrv - ok
13:59:20.0640 0596 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:59:20.0734 0596 clr_optimization_v2.0.50727_32 - ok
13:59:20.0765 0596 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:59:20.0828 0596 clr_optimization_v4.0.30319_32 - ok
13:59:20.0828 0596 CmdIde - ok
13:59:20.0843 0596 COMSysApp - ok
13:59:20.0859 0596 Cpqarray - ok
13:59:20.0890 0596 CryptSvc (87f3e2d2a3231f820f9248db90090f42) C:\WINDOWS\System32\cryptsvc.dll
13:59:21.0343 0596 CryptSvc - ok
13:59:21.0359 0596 dac2w2k - ok
13:59:21.0359 0596 dac960nt - ok
13:59:21.0390 0596 DcomLaunch (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll
13:59:21.0484 0596 DcomLaunch - ok
13:59:21.0500 0596 Dhcp (3f15a1dbd86f7bdaf404648282d11ece) C:\WINDOWS\System32\dhcpcsvc.dll
13:59:21.0984 0596 Dhcp - ok
13:59:22.0000 0596 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:59:22.0125 0596 Disk - ok
13:59:22.0140 0596 dmadmin - ok
13:59:22.0171 0596 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
13:59:22.0359 0596 dmboot - ok
13:59:22.0406 0596 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
13:59:22.0531 0596 dmio - ok
13:59:22.0562 0596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:59:22.0718 0596 dmload - ok
13:59:22.0734 0596 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
13:59:22.0843 0596 dmserver - ok
13:59:22.0875 0596 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:59:22.0984 0596 DMusic - ok
13:59:23.0015 0596 Dnscache (6333c7e182e5b6247500188d28214def) C:\WINDOWS\System32\dnsrslvr.dll
13:59:23.0468 0596 Dnscache - ok
13:59:23.0515 0596 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys
13:59:23.0640 0596 Dot4 - ok
13:59:23.0656 0596 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
13:59:23.0812 0596 Dot4Print - ok
13:59:23.0828 0596 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
13:59:24.0000 0596 dot4usb - ok
13:59:24.0000 0596 dpti2o - ok
13:59:24.0031 0596 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:59:24.0156 0596 drmkaud - ok
13:59:24.0156 0596 dtscsi - ok
13:59:24.0203 0596 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
13:59:24.0218 0596 dtsoftbus01 - ok
13:59:24.0250 0596 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
13:59:24.0265 0596 eamon - ok
13:59:24.0296 0596 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
13:59:24.0328 0596 ehdrv - ok
13:59:24.0390 0596 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
13:59:24.0390 0596 EhttpSrv - ok
13:59:24.0437 0596 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
13:59:24.0640 0596 ekrn - ok
13:59:24.0687 0596 epfw (73411c14a8c6062bb6a510772cf2f38c) C:\WINDOWS\system32\DRIVERS\epfw.sys
13:59:24.0703 0596 epfw - ok
13:59:24.0718 0596 Epfwndis (490329bf80f333e788df9596a752a915) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
13:59:24.0765 0596 Epfwndis - ok
13:59:24.0796 0596 epfwtdi (bdde7dd8fcdb1de7e879bb320b0605c0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
13:59:24.0828 0596 epfwtdi - ok
13:59:24.0859 0596 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
13:59:24.0953 0596 ERSvc - ok
13:59:24.0984 0596 Eventlog (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe
13:59:25.0046 0596 Eventlog - ok
13:59:25.0078 0596 EventSystem (a4ab3dca4a383f0df4988abdeb84f9a4) C:\WINDOWS\system32\es.dll
13:59:25.0109 0596 EventSystem - ok
13:59:25.0125 0596 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:59:25.0250 0596 Fastfat - ok
13:59:25.0281 0596 FastUserSwitchingCompatibility (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
13:59:25.0765 0596 FastUserSwitchingCompatibility - ok
13:59:25.0812 0596 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:59:25.0953 0596 Fdc - ok
13:59:25.0984 0596 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
13:59:26.0109 0596 Fips - ok
13:59:26.0156 0596 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:59:26.0218 0596 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:59:26.0218 0596 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:59:26.0234 0596 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:59:26.0359 0596 Flpydisk - ok
13:59:26.0390 0596 FltMgr (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:59:26.0875 0596 FltMgr - ok
13:59:26.0953 0596 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:59:26.0953 0596 FontCache3.0.0.0 - ok
13:59:27.0015 0596 FreshIO (caac750e6d27866c28494e0de9fa802a) C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
13:59:27.0031 0596 FreshIO ( UnsignedFile.Multi.Generic ) - warning
13:59:27.0031 0596 FreshIO - detected UnsignedFile.Multi.Generic (1)
13:59:27.0046 0596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:59:27.0187 0596 Fs_Rec - ok
13:59:27.0187 0596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:59:27.0343 0596 Ftdisk - ok
13:59:27.0406 0596 GarenaPEngine - ok
13:59:27.0453 0596 GGSAFERDriver - ok
13:59:27.0468 0596 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
13:59:27.0484 0596 giveio ( UnsignedFile.Multi.Generic ) - warning
13:59:27.0484 0596 giveio - detected UnsignedFile.Multi.Generic (1)
13:59:27.0484 0596 GMSIPCI - ok
13:59:27.0500 0596 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:59:27.0625 0596 Gpc - ok
13:59:27.0703 0596 gupdate1ca146cd430540 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:59:27.0703 0596 gupdate1ca146cd430540 - ok
13:59:27.0718 0596 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:59:27.0718 0596 gupdatem - ok
13:59:27.0765 0596 gusvc (5467f1ff0af264566740f67e8b810735) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:59:27.0781 0596 gusvc - ok
13:59:27.0812 0596 ham50 (28449537b39572d5af6defd34ad509b7) C:\WINDOWS\system32\DRIVERS\IntelH51.sys
13:59:27.0859 0596 ham50 ( UnsignedFile.Multi.Generic ) - warning
13:59:27.0859 0596 ham50 - detected UnsignedFile.Multi.Generic (1)
13:59:27.0937 0596 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:59:28.0000 0596 HDAudBus - ok
13:59:28.0015 0596 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:59:28.0125 0596 helpsvc - ok
13:59:28.0125 0596 HidServ - ok
13:59:28.0156 0596 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:59:28.0296 0596 HidUsb - ok
13:59:28.0312 0596 hpn - ok
13:59:28.0421 0596 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:59:28.0437 0596 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:59:28.0437 0596 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:59:28.0453 0596 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:59:28.0468 0596 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:59:28.0468 0596 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:59:28.0500 0596 HTTP (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
13:59:28.0562 0596 HTTP - ok
13:59:28.0578 0596 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
13:59:28.0703 0596 HTTPFilter - ok
13:59:28.0734 0596 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
13:59:28.0812 0596 hwdatacard - ok
13:59:28.0843 0596 hwusbdev (b93d3c81ef1d372dc5bd5e6275362e1a) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
13:59:28.0890 0596 hwusbdev - ok
13:59:28.0890 0596 i2omgmt - ok
13:59:28.0906 0596 i2omp - ok
13:59:28.0921 0596 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:59:29.0078 0596 i8042prt - ok
13:59:29.0140 0596 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:59:29.0156 0596 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:59:29.0156 0596 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:59:29.0250 0596 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:59:29.0312 0596 idsvc - ok
13:59:29.0375 0596 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:59:29.0828 0596 Imapi - ok
13:59:29.0843 0596 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
13:59:29.0968 0596 ImapiService - ok
13:59:29.0984 0596 ini910u - ok
13:59:30.0109 0596 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:59:30.0375 0596 IntcAzAudAddService - ok
13:59:30.0375 0596 IntelIde - ok
13:59:30.0406 0596 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:59:30.0562 0596 Ip6Fw - ok
13:59:30.0578 0596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:59:30.0765 0596 IpFilterDriver - ok
13:59:30.0781 0596 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:59:30.0906 0596 IpInIp - ok
13:59:30.0937 0596 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:59:31.0406 0596 IpNat - ok
13:59:31.0421 0596 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:59:31.0546 0596 IPSec - ok
13:59:31.0578 0596 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
13:59:31.0703 0596 irda - ok
13:59:31.0718 0596 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:59:31.0859 0596 IRENUM - ok
13:59:31.0875 0596 Irmon (a02512c315c84f475bd89f847048b27b) C:\WINDOWS\System32\irmon.dll
13:59:31.0984 0596 Irmon - ok
13:59:32.0000 0596 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:59:32.0156 0596 isapnp - ok
13:59:32.0203 0596 JavaQuickStarterService (44ffba62f0f426b581759c49aafec2e2) C:\Program Files\Java\jre6\bin\jqs.exe
13:59:32.0203 0596 JavaQuickStarterService - ok
13:59:32.0234 0596 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:59:32.0375 0596 Kbdclass - ok
13:59:32.0406 0596 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
13:59:32.0875 0596 kmixer - ok
13:59:32.0906 0596 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
13:59:32.0984 0596 KSecDD - ok
13:59:33.0015 0596 lanmanserver (76b15ac51a74be936ea86ea6e08817cf) C:\WINDOWS\System32\srvsvc.dll
13:59:33.0515 0596 lanmanserver - ok
13:59:33.0531 0596 lanmanworkstation (4c79d9c38dc98cf1c035ec8470b7d1d5) C:\WINDOWS\System32\wkssvc.dll
13:59:33.0578 0596 lanmanworkstation - ok
13:59:33.0578 0596 Lbd - ok
13:59:33.0593 0596 lbrtfdc - ok
13:59:33.0625 0596 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
13:59:33.0640 0596 lirsgt - ok
13:59:33.0656 0596 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
13:59:33.0781 0596 LmHosts - ok
13:59:33.0859 0596 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
13:59:34.0000 0596 ltmodem5 - ok
13:59:34.0000 0596 MagicTune - ok
13:59:34.0031 0596 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:59:34.0046 0596 MBAMProtector - ok
13:59:34.0109 0596 MBAMService (de199f3aa9c541a349af95a5c72a71af) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:59:34.0140 0596 MBAMService - ok
13:59:34.0203 0596 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
13:59:34.0218 0596 McComponentHostService - ok
13:59:34.0234 0596 MEMSWEEP2 - ok
13:59:34.0265 0596 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
13:59:34.0390 0596 Messenger - ok
13:59:34.0406 0596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:59:34.0578 0596 mnmdd - ok
13:59:34.0593 0596 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
13:59:34.0703 0596 mnmsrvc - ok
13:59:34.0734 0596 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
13:59:34.0875 0596 Modem - ok
13:59:34.0906 0596 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:59:35.0046 0596 MODEMCSA - ok
13:59:35.0078 0596 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:59:35.0203 0596 Mouclass - ok
13:59:35.0234 0596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:59:35.0375 0596 mouhid - ok
13:59:35.0390 0596 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:59:35.0500 0596 MountMgr - ok
13:59:35.0515 0596 mraid35x - ok
13:59:35.0546 0596 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:59:36.0015 0596 MRxDAV - ok
13:59:36.0046 0596 MRxSmb (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:59:36.0093 0596 MRxSmb - ok
13:59:36.0125 0596 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
13:59:36.0234 0596 MSDTC - ok
13:59:36.0265 0596 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:59:36.0375 0596 Msfs - ok
13:59:36.0406 0596 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
13:59:36.0531 0596 MSIRCOMM - ok
13:59:36.0531 0596 MSIServer - ok
13:59:36.0562 0596 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:59:36.0687 0596 MSKSSRV - ok
13:59:36.0703 0596 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:59:36.0843 0596 MSPCLOCK - ok
13:59:36.0921 0596 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:59:37.0031 0596 MSPQM - ok
13:59:37.0062 0596 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:59:37.0187 0596 mssmbios - ok
13:59:37.0218 0596 MSSQL$SQLEXPRESS - ok
13:59:37.0265 0596 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
13:59:37.0265 0596 MSSQLServerADHelper100 - ok
13:59:37.0281 0596 Mup (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
13:59:37.0718 0596 Mup - ok
13:59:37.0812 0596 NBService (7db7924793b9bd0ec991ad321664c486) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:59:37.0828 0596 NBService ( UnsignedFile.Multi.Generic ) - warning
13:59:37.0828 0596 NBService - detected UnsignedFile.Multi.Generic (1)
13:59:37.0843 0596 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:59:37.0968 0596 NDIS - ok
13:59:37.0984 0596 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:59:38.0109 0596 NdisTapi - ok
13:59:38.0125 0596 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:59:38.0625 0596 Ndisuio - ok
13:59:38.0640 0596 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:59:38.0781 0596 NdisWan - ok
13:59:38.0781 0596 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:59:38.0937 0596 NDProxy - ok
13:59:38.0937 0596 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:59:39.0062 0596 NetBIOS - ok
13:59:39.0078 0596 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:59:39.0218 0596 NetBT - ok
13:59:39.0234 0596 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:59:39.0343 0596 NetDDE - ok
13:59:39.0359 0596 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
13:59:39.0453 0596 NetDDEdsdm - ok
13:59:39.0484 0596 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:59:39.0593 0596 Netlogon - ok
13:59:39.0609 0596 Netman (3516d8a18b36784b1005b950b84232e1) C:\WINDOWS\System32\netman.dll
13:59:40.0093 0596 Netman - ok
13:59:40.0156 0596 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:59:40.0187 0596 NetTcpPortSharing - ok
13:59:40.0218 0596 Nla (1dfca7713ea5a70d5d93b436aea0317a) C:\WINDOWS\System32\mswsock.dll
13:59:40.0281 0596 Nla - ok
13:59:40.0296 0596 nmwcd - ok
13:59:40.0312 0596 nmwcdc - ok
13:59:40.0312 0596 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:59:40.0421 0596 Npfs - ok
13:59:40.0468 0596 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
13:59:40.0953 0596 Ntfs - ok
13:59:40.0953 0596 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:59:41.0062 0596 NtLmSsp - ok
13:59:41.0093 0596 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
13:59:41.0234 0596 NtmsSvc - ok
13:59:41.0265 0596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:59:41.0421 0596 Null - ok
13:59:41.0578 0596 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:59:41.0796 0596 nv - ok
13:59:41.0812 0596 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
13:59:41.0828 0596 NVSvc - ok
13:59:41.0859 0596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:59:42.0015 0596 NwlnkFlt - ok
13:59:42.0031 0596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:59:42.0187 0596 NwlnkFwd - ok
13:59:42.0218 0596 nxsIO32 (f77e1270169604c87da56038dce99603) C:\WINDOWS\System32\DRIVERS\nxsIO32.sys
13:59:42.0234 0596 nxsIO32 ( UnsignedFile.Multi.Generic ) - warning
13:59:42.0234 0596 nxsIO32 - detected UnsignedFile.Multi.Generic (1)
13:59:42.0281 0596 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:59:42.0296 0596 ose - ok
13:59:42.0328 0596 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
13:59:42.0468 0596 Parport - ok
13:59:42.0500 0596 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:59:42.0625 0596 PartMgr - ok
13:59:42.0656 0596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:59:42.0812 0596 ParVdm - ok
13:59:42.0843 0596 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
13:59:42.0875 0596 pccsmcfd - ok
13:59:42.0890 0596 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
13:59:43.0000 0596 PCI - ok
13:59:43.0015 0596 PCIDump - ok
13:59:43.0031 0596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:59:43.0187 0596 PCIIde - ok
13:59:43.0203 0596 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:59:43.0343 0596 Pcmcia - ok
13:59:43.0359 0596 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
13:59:43.0406 0596 pcouffin ( UnsignedFile.Multi.Generic ) - warning
13:59:43.0406 0596 pcouffin - detected UnsignedFile.Multi.Generic (1)
13:59:43.0406 0596 PDCOMP - ok
13:59:43.0421 0596 PDFRAME - ok
13:59:43.0437 0596 PDRELI - ok
13:59:43.0437 0596 PDRFRAME - ok
13:59:43.0453 0596 perc2 - ok
13:59:43.0453 0596 perc2hib - ok
13:59:43.0500 0596 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
13:59:43.0515 0596 pfc ( UnsignedFile.Multi.Generic ) - warning
13:59:43.0515 0596 pfc - detected UnsignedFile.Multi.Generic (1)
13:59:43.0531 0596 PlugPlay (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe
13:59:43.0609 0596 PlugPlay - ok
13:59:43.0609 0596 Pml Driver HPZ12 - ok
13:59:43.0640 0596 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\WINDOWS\system32\PnkBstrA.exe
13:59:43.0656 0596 PnkBstrA - ok
13:59:43.0671 0596 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:59:43.0781 0596 PolicyAgent - ok
13:59:43.0859 0596 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:59:44.0000 0596 PptpMiniport - ok
13:59:44.0015 0596 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:59:44.0109 0596 ProtectedStorage - ok
13:59:44.0125 0596 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:59:44.0265 0596 PSched - ok
13:59:44.0328 0596 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
13:59:44.0328 0596 PSI_SVC_2 - ok
13:59:44.0343 0596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:59:44.0484 0596 Ptilink - ok
13:59:44.0515 0596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:59:44.0515 0596 PxHelp20 - ok
13:59:44.0515 0596 ql1080 - ok
13:59:44.0531 0596 Ql10wnt - ok
13:59:44.0546 0596 ql12160 - ok
13:59:44.0546 0596 ql1240 - ok
13:59:44.0562 0596 ql1280 - ok
13:59:44.0578 0596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:59:44.0734 0596 RasAcd - ok
13:59:44.0765 0596 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
13:59:44.0875 0596 RasAuto - ok
13:59:44.0906 0596 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
13:59:44.0984 0596 Rasirda - ok
13:59:45.0000 0596 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:59:45.0140 0596 Rasl2tp - ok
13:59:45.0156 0596 RasMan (ed5e89dedb0111e2869cb37d62b46c7a) C:\WINDOWS\System32\rasmans.dll
13:59:45.0656 0596 RasMan - ok
13:59:45.0671 0596 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:59:45.0796 0596 RasPppoe - ok
13:59:45.0812 0596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:59:45.0968 0596 Raspti - ok
13:59:45.0984 0596 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:59:46.0484 0596 Rdbss - ok
13:59:46.0500 0596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:59:46.0656 0596 RDPCDD - ok
13:59:46.0671 0596 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:59:46.0812 0596 rdpdr - ok
13:59:46.0843 0596 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
13:59:47.0312 0596 RDPWD - ok
13:59:47.0328 0596 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
13:59:47.0453 0596 RDSessMgr - ok
13:59:47.0468 0596 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:59:47.0609 0596 redbook - ok
13:59:47.0625 0596 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
13:59:47.0765 0596 RemoteAccess - ok
13:59:47.0781 0596 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
13:59:47.0906 0596 RemoteRegistry - ok
13:59:47.0968 0596 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:59:47.0968 0596 RichVideo ( UnsignedFile.Multi.Generic ) - warning
13:59:47.0968 0596 RichVideo - detected UnsignedFile.Multi.Generic (1)
13:59:48.0015 0596 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:59:48.0156 0596 ROOTMODEM - ok
13:59:48.0187 0596 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
13:59:48.0296 0596 RpcLocator - ok
13:59:48.0328 0596 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll
13:59:48.0390 0596 RpcSs - ok
13:59:48.0421 0596 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
13:59:48.0437 0596 RsFx0102 - ok
13:59:48.0500 0596 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
13:59:48.0984 0596 rspndr - ok
13:59:49.0000 0596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:59:49.0125 0596 RSVP - ok
13:59:49.0156 0596 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:59:49.0218 0596 RTLE8023xp - ok
13:59:49.0234 0596 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
13:59:49.0328 0596 SamSs - ok
13:59:49.0343 0596 SANDRA - ok
13:59:49.0375 0596 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:59:49.0421 0596 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
13:59:49.0421 0596 SASDIFSV - detected UnsignedFile.Multi.Generic (1)
13:59:49.0421 0596 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
13:59:49.0453 0596 SASENUM ( UnsignedFile.Multi.Generic ) - warning
13:59:49.0453 0596 SASENUM - detected UnsignedFile.Multi.Generic (1)
13:59:49.0484 0596 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
13:59:49.0500 0596 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
13:59:49.0500 0596 SASKUTIL - detected UnsignedFile.Multi.Generic (1)
13:59:49.0531 0596 SAVRKBootTasks (0aef47e0a6b0cba8c9833d55298b2791) C:\WINDOWS\system32\SAVRKBootTasks.sys
13:59:49.0546 0596 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - warning
13:59:49.0546 0596 SAVRKBootTasks - detected UnsignedFile.Multi.Generic (1)
13:59:49.0562 0596 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
13:59:49.0671 0596 SCardSvr - ok
13:59:49.0718 0596 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
13:59:49.0828 0596 Schedule - ok
13:59:49.0859 0596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:59:50.0312 0596 Secdrv - ok
13:59:50.0343 0596 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
13:59:50.0453 0596 seclogon - ok
13:59:50.0468 0596 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
13:59:50.0562 0596 SENS - ok
13:59:50.0578 0596 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:59:50.0718 0596 serenum - ok
13:59:50.0734 0596 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
13:59:50.0875 0596 Serial - ok
13:59:50.0906 0596 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:59:50.0968 0596 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
13:59:50.0968 0596 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
13:59:51.0015 0596 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
13:59:51.0015 0596 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
13:59:51.0015 0596 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
13:59:51.0046 0596 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
13:59:51.0062 0596 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
13:59:51.0062 0596 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
13:59:51.0078 0596 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:59:51.0218 0596 Sfloppy - ok
13:59:51.0218 0596 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys
13:59:51.0234 0596 sfsync04 ( UnsignedFile.Multi.Generic ) - warning
13:59:51.0234 0596 sfsync04 - detected UnsignedFile.Multi.Generic (1)
13:59:51.0250 0596 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
13:59:51.0250 0596 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning
13:59:51.0250 0596 sfvfs02 - detected UnsignedFile.Multi.Generic (1)
13:59:51.0281 0596 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
13:59:51.0406 0596 SharedAccess - ok
13:59:51.0421 0596 ShellHWDetection (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
13:59:51.0937 0596 ShellHWDetection - ok
13:59:51.0953 0596 Simbad - ok
13:59:51.0968 0596 Sparrow - ok
13:59:51.0984 0596 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
13:59:51.0984 0596 speedfan ( UnsignedFile.Multi.Generic ) - warning
13:59:51.0984 0596 speedfan - detected UnsignedFile.Multi.Generic (1)
13:59:52.0031 0596 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
13:59:52.0515 0596 splitter - ok
13:59:52.0578 0596 Spooler (ad3d9d191aea7b5445fe1d82ffbb4788) C:\WINDOWS\system32\spoolsv.exe
13:59:53.0078 0596 Spooler - ok
13:59:53.0125 0596 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
13:59:53.0125 0596 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
13:59:53.0125 0596 sptd ( LockedFile.Multi.Generic ) - warning
13:59:53.0125 0596 sptd - detected LockedFile.Multi.Generic (1)
13:59:53.0203 0596 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
13:59:53.0234 0596 SQLAgent$SQLEXPRESS - ok
13:59:53.0265 0596 SQLBrowser (99de6acfa5ca83fad6a765c81c6f129f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:59:53.0281 0596 SQLBrowser - ok
13:59:53.0312 0596 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:59:53.0312 0596 SQLWriter - ok
13:59:53.0328 0596 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
13:59:53.0468 0596 sr - ok
13:59:53.0484 0596 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
13:59:53.0593 0596 srservice - ok
13:59:53.0625 0596 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
13:59:53.0687 0596 Srv - ok
13:59:53.0718 0596 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
13:59:53.0781 0596 sscdbus - ok
13:59:53.0796 0596 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
13:59:53.0859 0596 sscdmdfl - ok
13:59:53.0875 0596 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
13:59:53.0937 0596 sscdmdm - ok
13:59:53.0953 0596 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
13:59:54.0078 0596 SSDPSRV - ok
13:59:54.0109 0596 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
13:59:54.0156 0596 ss_bus - ok
13:59:54.0187 0596 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
13:59:54.0250 0596 ss_mdfl - ok
13:59:54.0265 0596 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
13:59:54.0296 0596 ss_mdm - ok
13:59:54.0328 0596 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
13:59:54.0328 0596 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:59:54.0328 0596 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:59:54.0343 0596 Steam Client Service - ok
13:59:54.0375 0596 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
13:59:54.0453 0596 STIrUsb - ok
13:59:54.0484 0596 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
13:59:54.0968 0596 stisvc - ok
13:59:55.0062 0596 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:59:55.0187 0596 swenum - ok
13:59:55.0218 0596 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:59:55.0375 0596 swmidi - ok
13:59:55.0375 0596 SwPrv - ok
13:59:55.0390 0596 symc810 - ok
13:59:55.0390 0596 symc8xx - ok
13:59:55.0406 0596 sym_hi - ok
13:59:55.0421 0596 sym_u3 - ok
13:59:55.0453 0596 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\WINDOWS\system32\drivers\SynasUSB.sys
13:59:55.0484 0596 SynasUSB ( UnsignedFile.Multi.Generic ) - warning
13:59:55.0484 0596 SynasUSB - detected UnsignedFile.Multi.Generic (1)
13:59:55.0500 0596 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:59:55.0609 0596 sysaudio - ok
13:59:55.0640 0596 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
13:59:55.0750 0596 SysmonLog - ok
13:59:55.0781 0596 TapiSrv (1418a3a6e76e5a2e3f5e43866e793a8b) C:\WINDOWS\System32\tapisrv.dll
13:59:56.0281 0596 TapiSrv - ok
13:59:56.0312 0596 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:59:56.0406 0596 Tcpip - ok
13:59:56.0437 0596 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:59:56.0562 0596 TDPIPE - ok
13:59:56.0578 0596 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:59:56.0718 0596 TDTCP - ok
13:59:56.0734 0596 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:59:56.0875 0596 TermDD - ok
13:59:56.0906 0596 TermService (c29a5286e64d97385178452d5f307b98) C:\WINDOWS\System32\termsrv.dll
13:59:57.0390 0596 TermService - ok
13:59:57.0421 0596 Themes (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll
13:59:57.0921 0596 Themes - ok
13:59:57.0937 0596 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
13:59:58.0046 0596 TlntSvr - ok
13:59:58.0062 0596 TosIde - ok
13:59:58.0078 0596 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
13:59:58.0187 0596 TrkWks - ok
13:59:58.0203 0596 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:59:58.0328 0596 Udfs - ok
13:59:58.0390 0596 UleadBurningHelper (45dc49296c70bc7990863aca79b7d907) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:59:58.0406 0596 UleadBurningHelper - ok
13:59:58.0406 0596 ultra - ok
13:59:58.0437 0596 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
13:59:58.0921 0596 Update - ok
13:59:58.0953 0596 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
13:59:59.0484 0596 upnphost - ok
13:59:59.0484 0596 upperdev - ok
13:59:59.0500 0596 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
13:59:59.0625 0596 UPS - ok
13:59:59.0656 0596 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:59:59.0781 0596 usbccgp - ok
13:59:59.0796 0596 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:00:00.0265 0596 usbehci - ok
14:00:00.0281 0596 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:00:00.0812 0596 usbhub - ok
14:00:00.0875 0596 usbohci (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:00:01.0359 0596 usbohci - ok
14:00:01.0406 0596 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:00:01.0531 0596 usbprint - ok
14:00:01.0562 0596 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:00:01.0687 0596 usbscan - ok
14:00:01.0718 0596 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
14:00:01.0859 0596 usbser - ok
14:00:01.0875 0596 UsbserFilt - ok
14:00:01.0906 0596 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:00:02.0031 0596 USBSTOR - ok
14:00:02.0093 0596 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe
14:00:02.0109 0596 usnjsvc - ok
14:00:02.0125 0596 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
14:00:02.0140 0596 VComm - ok
14:00:02.0156 0596 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
14:00:02.0171 0596 VcommMgr - ok
14:00:02.0203 0596 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:00:02.0328 0596 VgaSave - ok
14:00:02.0328 0596 ViaIde - ok
14:00:02.0359 0596 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys
14:00:02.0390 0596 vmm - ok
14:00:02.0406 0596 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:00:02.0531 0596 VolSnap - ok
14:00:02.0562 0596 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
14:00:02.0593 0596 VPCNetS2 - ok
14:00:02.0593 0596 vsc32 - ok
14:00:02.0625 0596 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
14:00:02.0765 0596 VSS - ok
14:00:02.0781 0596 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
14:00:02.0890 0596 W32Time - ok
14:00:02.0921 0596 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:00:03.0046 0596 Wanarp - ok
14:00:03.0078 0596 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
14:00:03.0125 0596 Wdf01000 - ok
14:00:03.0140 0596 WDICA - ok
14:00:03.0171 0596 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
14:00:03.0640 0596 wdmaud - ok
14:00:03.0656 0596 WebClient (346e7d636adfe4e3b1b32af8326220ff) C:\WINDOWS\System32\webclnt.dll
14:00:04.0125 0596 WebClient - ok
14:00:04.0187 0596 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:00:04.0296 0596 winmgmt - ok
14:00:04.0343 0596 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
14:00:04.0375 0596 WLSetupSvc - ok
14:00:04.0437 0596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:00:04.0484 0596 WmdmPmSN - ok
14:00:04.0531 0596 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\WINDOWS\System32\advapi32.dll
14:00:04.0593 0596 Wmi - ok
14:00:04.0625 0596 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:00:04.0750 0596 WmiApSrv - ok
14:00:04.0859 0596 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:00:04.0875 0596 WpdUsb - ok
14:00:04.0984 0596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:00:05.0062 0596 WPFFontCache_v0400 - ok
14:00:05.0093 0596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:00:05.0265 0596 WS2IFSL - ok
14:00:05.0296 0596 wscsvc (478995b4555958e52388496618d9c678) C:\WINDOWS\system32\wscsvc.dll
14:00:05.0781 0596 wscsvc - ok
14:00:05.0828 0596 wuauserv (b72508649dad03bcb5d708edb1e3e57e) C:\WINDOWS\system32\wuauserv.dll
14:00:05.0828 0596 wuauserv - ok
14:00:05.0859 0596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:00:05.0890 0596 WudfPf - ok
14:00:05.0921 0596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:00:05.0937 0596 WudfRd - ok
14:00:05.0953 0596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:00:05.0984 0596 WudfSvc - ok
14:00:06.0000 0596 WZCSVC (b1f190a2bf52b8f4601c677f475ce5e5) C:\WINDOWS\System32\wzcsvc.dll
14:00:06.0484 0596 WZCSVC - ok
14:00:06.0515 0596 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
14:00:06.0765 0596 xmlprov - ok
14:00:06.0843 0596 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:00:06.0890 0596 YahooAUService - ok
14:00:07.0046 0596 zlportio - ok
14:00:07.0093 0596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:00:07.0484 0596 \Device\Harddisk0\DR0 - ok
14:00:07.0500 0596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:00:07.0609 0596 \Device\Harddisk1\DR1 - ok
14:00:07.0609 0596 Boot (0x1200) (f080bfb11453d9239f44d8d11d9c9930) \Device\Harddisk0\DR0\Partition0
14:00:07.0609 0596 \Device\Harddisk0\DR0\Partition0 - ok
14:00:07.0625 0596 Boot (0x1200) (431936025c5368b7cb95fc68f3e828a6) \Device\Harddisk0\DR0\Partition1
14:00:07.0625 0596 \Device\Harddisk0\DR0\Partition1 - ok
14:00:07.0640 0596 Boot (0x1200) (61b9a9bef0afb031df34ff25c480574b) \Device\Harddisk1\DR1\Partition0
14:00:07.0640 0596 \Device\Harddisk1\DR1\Partition0 - ok
14:00:07.0656 0596 Boot (0x1200) (bde42611e843c716384ec8a064bf457e) \Device\Harddisk1\DR1\Partition1
14:00:07.0671 0596 \Device\Harddisk1\DR1\Partition1 - ok
14:00:07.0687 0596 Boot (0x1200) (c6bfb3efae585498776d12724c5dd66e) \Device\Harddisk1\DR1\Partition2
14:00:07.0687 0596 \Device\Harddisk1\DR1\Partition2 - ok
14:00:07.0687 0596 ============================================================
14:00:07.0687 0596 Scan finished
14:00:07.0687 0596 ============================================================
14:00:07.0796 2424 Detected object count: 35
14:00:07.0796 2424 Actual detected object count: 35
14:02:11.0453 2424 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0453 2424 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0453 2424 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0453 2424 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 Amfilter ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 Amfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 Amusbprt ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 Amusbprt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0468 2424 ASNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0468 2424 ASNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 FreshIO ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 FreshIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 ham50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 ham50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0484 2424 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0484 2424 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 nxsIO32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 nxsIO32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0500 2424 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0500 2424 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0515 2424 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:02:11.0515 2424 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:02:11.0531 2424 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0531 2424 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:11.0531 2424 SynasUSB ( UnsignedFile.Multi.Generic ) - skipped by user
14:02:11.0531 2424 SynasUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:02:51.0125 2292 Deinitialize success

--------------------------------------------------------------------------------------------------------------------

MBAM log:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.04.14.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
User :: MOBILE [administrator]

Protection: Enabled

15.4.2012 14:04:34
mbam-log-2012-04-15 (14-04-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210424
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------------------------------------------------

dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Run by User at 14:17:30 on 2012-04-15
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.994 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C11483F7-D7D8-4804-98D8-6055470BB989} - No File
TB: {8C550565-107B-4FEE-B2CC-9B6B12CE53F6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SkinClock] c:\program files\free desktop clock\DesktopClock.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Bonus.SSR.FR10] "c:\program files\abbyy finereader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://pcpitstop.com/antivirus/PitPav.cab
TCP: DhcpNameServer = 82.117.194.2 82.117.194.3
TCP: Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A} : DhcpNameServer = 82.117.194.2 82.117.194.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccdaAtt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\NPEvery.dll
FF - plugin: c:\program files\opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-18 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-7-2 18816]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-27 652872]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-10-7 2208]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-10-6 454815]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-27 20464]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca146cd430540;Услуга Google Update (gupdate1ca146cd430540);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\locals~1\temp\alsysio.sys --> c:\docume~1\user\locals~1\temp\ALSysIO.sys [?]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-5-14 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\yfh31bf.tmp --> c:\docume~1\user\locals~1\temp\YFH31BF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-5-19 100480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-7-28 18432]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\windows live\messenger\usnsvc.exe [2007-10-18 98328]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zlportio;zlportio;\??\d:\igrice\ultrastar deluxe\zlportio.sys --> d:\igrice\ultrastar deluxe\zlportio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2012-04-14 16:35:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 16:14:07 1409 ----a-w- c:\windows\QTFont.for
2012-04-05 20:39:15 -------- d-----w- c:\program files\Freemake
2012-03-25 21:36:11 -------- d-----w- c:\program files\Smart File Advisor
2012-03-24 14:37:21 -------- d-----w- c:\program files\PITCH
2012-03-21 18:29:22 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-21 18:29:22 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-19 20:21:19 -------- d-----w- c:\program files\SopCast
.
==================== Find3M ====================
.
2011-03-23 14:05:20 92281056 --sh--w- c:\windows\setupa.exe
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 14:18:29,40 ===============

--------------------------------------------------------------------------------------------------------------------

Thanks for the fast answer, and again - I apologize for the misunderstanding.
All the best :)
Dejan

#6 Maniac

Posted 16 April 2012 - 06:07 AM

It is okay, Dejan! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#7 DejanS

Posted 16 April 2012 - 03:21 PM

Hi!
ComboFix finished its job, and after the restart Anti-Malware gave me the same warning about the blocked IP.
I tried to leave the log file here, but from my PC it is impossible - I tried, but replying doesn't work in any browser...
I have no idea what happened...
I took my neighbour's laptop and I will try to do it from here.


ComboFix 12-04-16.01 - User 16.04.2012 21:12:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.1168 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\All Users\Application Data\xml11.tmp
c:\documents and settings\All Users\Application Data\xml2BD.tmp
c:\documents and settings\All Users\Application Data\xml2C2.tmp
c:\documents and settings\All Users\Application Data\xml5AF.tmp
c:\documents and settings\All Users\Application Data\xml5B4.tmp
c:\documents and settings\All Users\Application Data\xml5B8.tmp
c:\documents and settings\All Users\Application Data\xml715.tmp
c:\documents and settings\All Users\Application Data\xml716.tmp
c:\documents and settings\All Users\Application Data\xml717.tmp
c:\documents and settings\All Users\Application Data\xml718.tmp
c:\documents and settings\All Users\Application Data\xml719.tmp
c:\documents and settings\All Users\Application Data\xml71A.tmp
c:\documents and settings\All Users\Application Data\xml71F.tmp
c:\documents and settings\All Users\Application Data\xml720.tmp
c:\documents and settings\All Users\Application Data\xml721.tmp
c:\documents and settings\All Users\Application Data\xml725.tmp
c:\documents and settings\All Users\Application Data\xml726.tmp
c:\documents and settings\All Users\Application Data\xml727.tmp
c:\documents and settings\All Users\Application Data\xml869.tmp
c:\documents and settings\User\Application Data\.#
c:\documents and settings\User\Application Data\bsplayer_pro251.1022.exe
c:\documents and settings\User\Application Data\DVDSubEditLastFile0.txt
c:\documents and settings\User\Application Data\DVDSubEditLastFile1.txt
c:\documents and settings\User\Application Data\FFSJ
c:\documents and settings\User\Application Data\FFSJ\FFSJ.cfg
c:\documents and settings\User\Application Data\Toolbar4
c:\documents and settings\User\Local Settings\~GLH000b.TMP
c:\documents and settings\User\Local Settings\Application Data\ConduitInstaller.exe
c:\documents and settings\User\My Documents\~WRL2799.tmp
c:\documents and settings\User\My Documents\Readiris.DUS
c:\documents and settings\User\WINDOWS
C:\LOG430.tmp
C:\Win
c:\windows\system32\8A719877A1.dll
c:\windows\system32\tmp1408.tmp
c:\windows\system32\tmp1409.tmp
c:\windows\system32\tmp887.tmp
c:\windows\system32\tmp888.tmp
c:\windows\XSxS
c:\windows\ZIPDLL.DLL
H:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-15 16:30 . 2012-04-15 16:30 -------- d-----w- c:\program files\Perfect Uninstaller
2012-04-14 16:35 . 2012-04-14 16:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-14 16:14 . 2012-04-14 16:14 1409 ----a-w- c:\windows\QTFont.for
2012-04-05 20:39 . 2012-04-05 20:39 -------- d-----w- c:\program files\Freemake
2012-03-25 21:36 . 2012-03-25 21:36 -------- d-----w- c:\program files\Smart File Advisor
2012-03-25 21:36 . 2012-03-25 21:36 -------- d-----w- c:\program files\Smart Projects
2012-03-25 01:51 . 2012-04-16 11:57 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2012-03-24 14:37 . 2012-03-24 14:37 -------- d-----w- c:\program files\PITCH
2012-03-21 18:29 . 2012-03-21 18:29 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-21 18:29 . 2012-03-21 18:29 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-19 20:21 . 2012-03-19 20:21 -------- d-----w- c:\program files\SopCast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 18:29 . 2011-11-15 18:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-23 14:05 92281056 --sh--w- c:\windows\setupa.exe
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2010-11-21 1113600]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-01 273544]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-09-23 941320]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 12:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk
backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2008-07-22 11:53 77824 -c--a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\IGRICE\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ECR Tool\\ECRSrvAPI.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\IGRICE\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\IGRICE\\Midway Home Entertainment\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"d:\\IGRICE\\Valve\\hltv.exe"=
"d:\\IGRICE\\Valve\\hlds.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"d:\\IGRICE\\Warcraft III\\Warcraft III.exe"=
"d:\\IGRICE\\Warcraft III\\War3.exe"=
"d:\\IGRICE\\Farkle\\farkle.exe"=
"d:\\IGRICE\\EA GAMES\\MOHAA\\MOHAA.exe"=
"d:\\IGRICE\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"d:\\IGRICE\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"h:\\IGRICE\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"h:\\IGRICE\\Encore\\Hoyle Card Games 2009\\Hoyle Card Games.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\IGRICE\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"h:\\IGRICE\\League of Legends\\Air\\LolClient.exe"=
"h:\\IGRICE\\League of Legends\\Game\\League of Legends.exe"=
"h:\\IGRICE\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"h:\\IGRICE\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"h:\\IGRICE\\NeutronGames\\HC Trainingscamp\\HCTrainingscamp.exe"=
"h:\\IGRICE\\NeutronGames\\HC Trainingscamp\\updater\\Updater.exe"=
"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=
"h:\\IGRICE\\2K Sports\\NBA 2K11\\nba2k11.exe"=
"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2011\\JSL-2011.exe"=
"h:\\IGRICE\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\program files\Security Task Manager\TaskMan.exe"= c:\program files\Security Task Manager\TaskMan.exe:192.168.111.200/255.255.255.255:Enabled:Security Task Manager
"h:\\IGRICE\\Yu Gi Oh PoC Joey the Passion\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
"c:\\Documents and Settings\\User\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"h:\\IGRICE\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12799:TCP"= 12799:TCP:BitTorrent port
"57220:TCP"= 57220:TCP:Pando Media Booster
"57220:UDP"= 57220:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2007 17:21 685816]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18.2.2011 16:12 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2.7.2011 4:38 18816]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.7.2007 9:45 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.7.2007 10:20 201848]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.4.2011 0:52 652872]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [7.10.2007 5:23 2208]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [6.10.2007 2:09 454815]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.4.2011 0:52 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.6.2009 0:13 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1ca146cd430540;ÓńëÓăŕ Google Update (gupdate1ca146cd430540);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 20:56 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [14.5.2007 23:40 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp --> c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 20:56 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.5.2011 19:57 100480]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [28.7.2011 16:08 18432]
S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S3 zlportio;zlportio;\??\d:\igrice\UltraStar Deluxe\zlportio.sys --> d:\igrice\UltraStar Deluxe\zlportio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-28 00:50]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 18:55]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 18:55]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 21:18]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 21:18]
.
2012-02-24 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-02-18 00:39]
.
2012-04-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 82.117.194.2 82.117.194.3
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
AddRemove-Falling In Between Screensaver - c:\program files\Toto
AddRemove-HijackThis - f:\arhiva stari kompjuter\A L A T I\hijackthis_199\HijackThis.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Napoleon_is1 - h:\igrice\Napoleon\unins000.exe
AddRemove-Pandora's Box 1.0 - c:\program files\Microsoft Games\Pandora's Box\setup
AddRemove-PRIMATRON - Multimedijalni kurs za Excel - c:\primatron\Multimedijalni kurs za Excel\Uklanjanje\Uklanjanje.exe
AddRemove-StyleXP - c:\program files\TGTSoft\StyleXP\StyleXP-uninstall.exe
AddRemove-Testovi Srpski - h:\testovi srpski\Uninstal.exe
AddRemove-vis_milk.dllWinamp - c:\program files\Winamp\uninst-vis_milk.dll.exe
AddRemove-{13C85860-61FD-4110-892F-1EF2A80F066B}_is1 - h:\zip password recovery\unins000.exe
AddRemove-{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk - c:\program files\Google\Google Talk\uninstall.exe
AddRemove-{6A1DC8D4-9FA4-43C3-00B3-5993B4BBE7D4} - h:\igrice\FIFA 2003 { Pc Game } Full version\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 21:27
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1151.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1612)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2084)
c:\program files\CyberLink\PowerDVD\deskband.dll
c:\program files\Free Desktop Clock\Clock.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-04-16 21:35:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 19:35
.
Pre-Run: 3.343.396.864 bytes free
Post-Run: 3.364.167.680 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E2117EF37A3540C18D84C09832DC5F9E

#8 DejanS

Posted 16 April 2012 - 03:26 PM

It seems I can reply from a neighbor's PC, but not from mine (just the same cable connection to the internet).
I tried to open sites which I couldn't open before. No success.
I really don't know what's going on.
Is it possible that ComboFix did something so I can't leave posts here anymore?

#9 Maniac

Posted 16 April 2012 - 03:29 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#10 DejanS

Posted 16 April 2012 - 04:47 PM

OK. I will post the EsetOnlineScanner log file here.
Thank you very much.

#11 DejanS

Posted 16 April 2012 - 04:48 PM

P.S. I succeeded in posting the last reply using my own PC. Strange :)

#12 DejanS

Posted 16 April 2012 - 10:35 PM

Eset Scanner finished its job.
Here is log file:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b152f9db6c0671488130b1b770d0fc60
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-17 02:40:30
# local_time=2012-04-17 04:40:30 (+0100, Central Europe Daylight Time)
# country="Serbia and Montenegro"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8201 39157077 100 100 18280 39773356 0 0
# scanned=653505
# found=5
# cleaned=5
# scan_time=17522
# nod_component=V3 Build:0x30000000
C:\Documents and Settings\User\Desktop\Eset_Login_Viewer_v1.4\Eset Login Viewer v1.4.exe Win32/RiskWare.HackAV.FI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\NEW DOWNLOADS 5\Portable Flash4D v5.1 Pro Edition\Portable Flash4D v5.1 Pro Edition\Flash4D v5 - Flash Intro Builder.exe probably a variant of Win32/Agent.LWMQUCE trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\VJ\VJ\Virtually Jenna v2.029.002.exe probably a variant of Win32/Agent.DLCXJGL trojan (deleted - quarantined) 00000000000000000000000000000000 C
H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

PC is in same state - after restart I got the same warning from M.Anti-Malware, and I cannot get to same sites...
I couldn't post this bz mz PC, I again have problem to replz here...
Any ideas?
Thanks in advance :)

#13 DejanS

Posted 16 April 2012 - 10:39 PM

PS Sorry for typing mistakes (z, y...)

#14 DejanS

Posted 16 April 2012 - 11:43 PM

Additional info - I can ping those sites which I cannot reach by browsers.
I reinstalled mozilla, but no difference...
I have no idea what is blocking my surfing...

#15 DejanS

Posted 17 April 2012 - 01:15 AM

One question... Do you think I could 'move' my PC to normal (previous) state by using restore points?
Funny thing is that it seems Eset (NOD32) deleted old restore points so I now have just 12, 13, 14 15 and 16th April available...
I have noticed that problem about 3 days ago, so...

Also, maybe Hijack This log will help....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:04, on 17.4.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HostsMan\hm.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog....b?1315113466093
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ÓńëÓăŕ Google Update (gupdate1ca146cd430540) (gupdate1ca146cd430540) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12351 bytes

Bye

#16 Maniac

Posted 17 April 2012 - 10:31 AM

> I reinstalled mozilla, but no difference...

Don't make any changes to your system without my instructions. I can't control the whole cleaning process when you don't let me.

> Do you think I could 'move' my PC to normal (previous) state by using restore points?

This is not a complete solution - no.

> Funny thing is that it seems Eset (NOD32) deleted old restore points so I now have just 12, 13, 14 15 and 16th April available...

There is nothing fun about it. Restore points were infected and NOD32 has prevented a return to them.

> Also, maybe Hijack This log will help....

Don't run anything without my instructions.

Do not cause problems by downloading pirated software.

> C:\Documents and Settings\User\Desktop\Eset_Login_Viewer_v1.4\Eset Login Viewer v1.4.exe Win32/RiskWare.HackAV.FI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

If you don't want to buy NOD32 antivirus software, there are enough free alternatives that are also very good options. If you want, let me know.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#17 DejanS

Posted 17 April 2012 - 10:58 AM

<p> </p>
<div>MiniToolBox by Farbar  Version: 18-01-2012</div>
<div>Ran by User (administrator) on 17-04-2012 at 17:45:29</div>
<div>Microsoft Windows XP Professional Service Pack 2 (X86)</div>
<div>Boot Mode: Normal</div>
<div>***************************************************************************</div>
<div> </div>
<div>========================= Flush DNS: ===================================</div>
<div> </div>
<div> </div>
<div>Windows IP Configuration</div>
<div> </div>
<div> </div>
<div> </div>
<div>Successfully flushed the DNS Resolver Cache.</div>
<div> </div>
<div> </div>
<div>========================= IE Proxy Settings: ============================== </div>
<div> </div>
<div>Proxy is not enabled.</div>
<div>No Proxy Server is set.</div>
<div> </div>
<div>&quot;Reset IE Proxy Settings&quot;: IE Proxy Settings were reset.</div>
<div> </div>
<div>========================= FF Proxy Settings: ============================== </div>
<div> </div>
<div> </div>
<div>&quot;Reset FF Proxy Settings&quot;: Firefox Proxy settings were reset.</div>
<div> </div>
<div>========================= Hosts content: =================================</div>
<div> </div>
<div>127.0.0.1       localhost</div>
<div> </div>
<div>========================= IP Configuration: ================================</div>
<div> </div>
<div>Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)</div>
<div>Bluetooth PAN Network Adapter = Local Area Connection 2 (Media disconnected)</div>
<div> </div>
<div> </div>
<div># ---------------------------------- </div>
<div># Interface IP Configuration         </div>
<div># ---------------------------------- </div>
<div>pushd interface ip</div>
<div> </div>
<div> </div>
<div># Interface IP Configuration for &quot;Local Area Connection 2&quot;</div>
<div> </div>
<div>set address name=&quot;Local Area Connection 2&quot; source=dhcp </div>
<div>set dns name=&quot;Local Area Connection 2&quot; source=dhcp register=PRIMARY</div>
<div>set wins name=&quot;Local Area Connection 2&quot; source=dhcp</div>
<div> </div>
<div># Interface IP Configuration for &quot;Local Area Connection&quot;</div>
<div> </div>
<div>set address name=&quot;Local Area Connection&quot; source=dhcp </div>
<div>set dns name=&quot;Local Area Connection&quot; source=dhcp register=PRIMARY</div>
<div>set wins name=&quot;Local Area Connection&quot; source=dhcp</div>
<div> </div>
<div> </div>
<div>popd</div>
<div># End of interface IP configuration</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div>Windows IP Configuration</div>
<div> </div>
<div> </div>
<div> </div>
<div>        Host Name . . . . . . . . . . . . : mobile</div>
<div> </div>
<div>        Primary Dns Suffix  . . . . . . . : </div>
<div> </div>
<div>        Node Type . . . . . . . . . . . . : Unknown</div>
<div> </div>
<div>        IP Routing Enabled. . . . . . . . : No</div>
<div> </div>
<div>        WINS Proxy Enabled. . . . . . . . : No</div>
<div> </div>
<div> </div>
<div> </div>
<div>Ethernet adapter Local Area Connection 2:</div>
<div> </div>
<div> </div>
<div> </div>
<div>        Media State . . . . . . . . . . . : Media disconnected</div>
<div> </div>
<div>        Description . . . . . . . . . . . : Bluetooth PAN Network Adapter</div>
<div> </div>
<div>        Physical Address. . . . . . . . . : 10-11-11-11-11-11</div>
<div> </div>
<div> </div>
<div> </div>
<div>Ethernet adapter Local Area Connection:</div>
<div> </div>
<div> </div>
<div> </div>
<div>        Connection-specific DNS Suffix  . : </div>
<div> </div>
<div>        Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC</div>
<div> </div>
<div>        Physical Address. . . . . . . . . : 00-19-DB-CB-D1-5B</div>
<div> </div>
<div>        Dhcp Enabled. . . . . . . . . . . : Yes</div>
<div> </div>
<div>        Autoconfiguration Enabled . . . . : Yes</div>
<div> </div>
<div>        IP Address. . . . . . . . . . . . : 192.168.2.150</div>
<div> </div>
<div>        Subnet Mask . . . . . . . . . . . : 255.255.255.0</div>
<div> </div>
<div>        Default Gateway . . . . . . . . . : 192.168.2.1</div>
<div> </div>
<div>        DHCP Server . . . . . . . . . . . : 192.168.2.1</div>
<div> </div>
<div>        DNS Servers . . . . . . . . . . . : 82.117.194.2</div>
<div> </div>
<div>                                            82.117.194.3</div>
<div> </div>
<div>        Lease Obtained. . . . . . . . . . : 17. април 2012 17:01:54</div>
<div> </div>
<div>        Lease Expires . . . . . . . . . . : 17. април 2012 19:01:54</div>
<div> </div>
<div>Server:  dns1.sbb.rs</div>
<div>Address:  82.117.194.2</div>
<div> </div>
<div>Name:    google.com</div>
<div>Addresses:  74.125.79.101, 74.125.79.102, 74.125.79.113, 74.125.79.138</div>
<div> 74.125.79.139, 74.125.79.100</div>
<div> </div>
<div> </div>
<div> </div>
<div>Pinging google.com [74.125.79.100] with 32 bytes of data:</div>
<div> </div>
<div> </div>
<div> </div>
<div>Reply from 74.125.79.100: bytes=32 time=49ms TTL=51</div>
<div> </div>
<div>Reply from 74.125.79.100: bytes=32 time=115ms TTL=51</div>
<div> </div>
<div> </div>
<div> </div>
<div>Ping statistics for 74.125.79.100:</div>
<div> </div>
<div>    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),</div>
<div> </div>
<div>Approximate round trip times in milli-seconds:</div>
<div> </div>
<div>    Minimum = 49ms, Maximum = 115ms, Average = 82ms</div>
<div> </div>
<div>Server:  dns1.sbb.rs</div>
<div>Address:  82.117.194.2</div>
<div> </div>
<div>Name:    yahoo.com</div>
<div>Addresses:  209.191.122.70, 72.30.38.140, 98.139.183.24</div>
<div> </div>
<div> </div>
<div> </div>
<div>Pinging yahoo.com [98.139.183.24] with 32 bytes of data:</div>
<div> </div>
<div> </div>
<div> </div>
<div>Reply from 98.139.183.24: bytes=32 time=695ms TTL=37</div>
<div> </div>
<div>Reply from 98.139.183.24: bytes=32 time=656ms TTL=37</div>
<div> </div>
<div> </div>
<div> </div>
<div>Ping statistics for 98.139.183.24:</div>
<div> </div>
<div>    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),</div>
<div> </div>
<div>Approximate round trip times in milli-seconds:</div>
<div> </div>
<div>    Minimum = 656ms, Maximum = 695ms, Average = 675ms</div>
<div> </div>
<div>Server:  dns1.sbb.rs</div>
<div>Address:  82.117.194.2</div>
<div> </div>
<div>Name:    bleepingcomputer.com</div>
<div>Address:  208.43.87.2</div>
<div> </div>
<div> </div>
<div> </div>
<div>Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:</div>
<div> </div>
<div> </div>
<div> </div>
<div>Request timed out.</div>
<div> </div>
<div>Request timed out.</div>
<div> </div>
<div> </div>
<div> </div>
<div>Ping statistics for 208.43.87.2:</div>
<div> </div>
<div>    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),</div>
<div> </div>
<div> </div>
<div> </div>
<div>Pinging 127.0.0.1 with 32 bytes of data:</div>
<div> </div>
<div> </div>
<div> </div>
<div>Reply from 127.0.0.1: bytes=32 time&lt;1ms TTL=128</div>
<div> </div>
<div>Reply from 127.0.0.1: bytes=32 time&lt;1ms TTL=128</div>
<div> </div>
<div> </div>
<div> </div>
<div>Ping statistics for 127.0.0.1:</div>
<div> </div>
<div>    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),</div>
<div> </div>
<div>Approximate round trip times in milli-seconds:</div>
<div> </div>
<div>    Minimum = 0ms, Maximum = 0ms, Average = 0ms</div>
<div> </div>
<div>===========================================================================</div>
<div>Interface List</div>
<div>0x1 ........................... MS TCP Loopback interface</div>
<div>0x3 ...10 11 11 11 11 11 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport</div>
<div>0x20002 ...00 19 db cb d1 5b ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport</div>
<div>===========================================================================</div>
<div>===========================================================================</div>
<div>Active Routes:</div>
<div>Network Destination        Netmask          Gateway       Interface  Metric</div>
<div>          0.0.0.0          0.0.0.0      192.168.2.1   192.168.2.150      20</div>
<div>        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1</div>
<div>      169.254.0.0      255.255.0.0    192.168.2.150   192.168.2.150      30</div>
<div>      192.168.2.0    255.255.255.0    192.168.2.150   192.168.2.150      20</div>
<div>    192.168.2.150  255.255.255.255        127.0.0.1       127.0.0.1      20</div>
<div>    192.168.2.255  255.255.255.255    192.168.2.150   192.168.2.150      20</div>
<div>        224.0.0.0        240.0.0.0    192.168.2.150   192.168.2.150      20</div>
<div>  255.255.255.255  255.255.255.255    192.168.2.150   192.168.2.150       1</div>
<div>  255.255.255.255  255.255.255.255    192.168.2.150               3       1</div>
<div>Default Gateway:       192.168.2.1</div>
<div>===========================================================================</div>
<div>Persistent Routes:</div>
<div>  None</div>
<div>========================= Winsock entries =====================================</div>
<div> </div>
<div>Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)</div>
<div>Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)</div>
<div>Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)</div>
<div>Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)</div>
<div>Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div>Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>
<div> </div>
<div>========================= Event log errors: ===============================</div>
<div> </div>
<div>Application errors:</div>
<div>==================</div>
<div>Error: (04/17/2012 04:53:58 PM) (Source: MsiInstaller) (User: User)User</div>
<div>Description: Product: ABBYY FineReader 10 Corporate Edition -- ABBYY Licensing Service is unavailable: The RPC server is unavailable.</div>
<div> </div>
<div>Error: (04/15/2012 00:35:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>
<div> </div>
<div>Error: (04/14/2012 04:00:19 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>
<div> </div>
<div>Error: (04/14/2012 01:32:26 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>
<div> </div>
<div>Error: (04/14/2012 07:33:09 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>
<div> </div>
<div>Error: (04/14/2012 05:43:10 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>
<div> </div>
<div>Error: (04/13/2012 00:24:18 PM) (Source: Lavasoft Ad-Aware Service) (User: )</div>
<div>Description: Only one instance of service process is allowed.</div>
<div> </div>
<div>Error: (04/12/2012 04:38:29 PM) (Source: crypt32) (User: )</div>
<div>Description: Failed auto update retrieval of third-party root list sequence number from: &lt;http://www.download....ootseq.txt&#62; with error: This operation returned because the timeout period expired.</div>
<div> </div>
<div>Error: (04/11/2012 05:42:04 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>
<div> </div>
<div> </div>
<div>System errors:</div>
<div>=============</div>
<div>Error: (04/17/2012 04:27:18 PM) (Source: Service Control Manager) (User: )</div>
<div>Description: The following boot-start or system-start driver(s) failed to load: </div>
<div>Lbd</div>
<div> </div>
<div>Error: (04/17/2012 01:46:58 PM) (Source: Service Control Manager) (User: )</div>
<div>Description: The following boot-start or system-start driver(s) failed to load: </div>
<div>Lbd</div>
<div> </div>
<div>Error: (04/17/2012 01:46:56 PM) (Source: Service Control Manager) (User: )</div>
<div>Description: The NVIDIA Display Driver Service service failed to start due to the following error: </div>
<div>%%1053</div>
<div> </div>
<div>Error: (04/17/2012 01:46:56 PM) (Source: Service Control Manager) (User: )</div>
<div>Description: Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.</div>
<div> </div>
<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>
<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>
<div> </div>
<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>
<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>
<div> </div>
<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>
<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>
<div> </div>
<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>
<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>
<div> </div>
<div>Error: (04/17/2012 04:53:00 AM) (Source: Service Control Manager) (User: )</div>
<div>Description: The following boot-start or system-start driver(s) failed to load: </div>
<div>Lbd</div>
<div> </div>
<div>Error: (04/16/2012 10:00:59 PM) (Source: Service Control Manager) (User: )</div>
<div>Description: The following boot-start or system-start driver(s) failed to load: </div>
<div>Lbd</div>
<div> </div>
<div> </div>
<div>Microsoft Office Sessions:</div>
<div>=========================</div>
<div>Error: (04/17/2012 04:53:58 PM) (Source: MsiInstaller)(User: User)User</div>
<div>Description: Product: ABBYY FineReader 10 Corporate Edition -- ABBYY Licensing Service is unavailable: The RPC server is unavailable.</div>
<div>(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div>Error: (04/15/2012 00:35:56 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div>Error: (04/14/2012 04:00:19 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div>Error: (04/14/2012 01:32:26 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div>Error: (04/14/2012 07:33:09 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div>Error: (04/14/2012 05:43:10 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div>Error: (04/13/2012 00:24:18 PM) (Source: Lavasoft Ad-Aware Service)(User: )</div>
<div>Description: Only one instance of service process is allowed.</div>
<div> </div>
<div>Error: (04/12/2012 04:38:29 PM) (Source: crypt32)(User: )</div>
<div>Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.</div>
<div> </div>
<div>Error: (04/11/2012 05:42:04 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>
<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>
<div> </div>
<div> </div>
<div>=========================== Installed Programs ============================</div>
<div> </div>
<div>100% Free Rummy 7.30 (Version: 7.30)</div>
<div>18 WoS Extreme Trucker 2 (v.1.0) (Version: 1.0)</div>
<div>1st Free Solitaire 1.7.1 (Version: 1.7.1)</div>
<div>3D Flash Animator 4.9.8.7</div>
<div>3D Live Pool</div>
<div>7-Zip 4.65</div>
<div>7art Antic Clock ©  7art-screensavers.com (Version: 3.1)</div>
<div>Abdio PDF Editor v7.1 (Corporation License) (Version: Abdio PDF Editor)</div>
<div>AC3Filter (remove only)</div>
<div>ACDSee 9 Photo Manager (Version: 9.0.55)</div>
<div>Acoustica CD/DVD Label Maker</div>
<div>Add or Remove Adobe Creative Suite 3 Design Premium (Version: 1.0)</div>
<div>Adobe Anchor Service CS3 (Version: 1.0)</div>
<div>Adobe Asset Services CS3 (Version: 3)</div>
<div>Adobe Bridge 1.0 (Version: 001.000.004)</div>
<div>Adobe Bridge CS3 (Version: 2)</div>
<div>Adobe Bridge Start Meeting (Version: 1.0)</div>
<div>Adobe BridgeTalk Plugin CS3 (Version: 1.0)</div>
<div>Adobe Camera Raw 4.0 (Version: 4.0)</div>
<div>Adobe CMaps (Version: 1.0)</div>
<div>Adobe Color - Photoshop Specific (Version: 1.0)</div>
<div>Adobe Color Common Settings (Version: 1.0.1)</div>
<div>Adobe Color EU Extra Settings (Version: 1.0)</div>
<div>Adobe Color JA Extra Settings (Version: 1.0)</div>
<div>Adobe Color NA Recommended Settings (Version: 1.0)</div>
<div>Adobe Common File Installer (Version: 1.00.0000)</div>
<div>Adobe Default Language CS3 (Version: 1.0)</div>
<div>Adobe Device Central CS3 (Version: 1.0)</div>
<div>Adobe ExtendScript Toolkit 2 (Version: 2.0.2)</div>
<div>Adobe Extension Manager CS3 (Version: 1.8)</div>
<div>Adobe Flash CS3</div>
<div>Adobe Flash CS3 (Version: 9.0)</div>
<div>Adobe Flash Player 10 Plugin (Version: 10.3.183.10)</div>
<div>Adobe Flash Player 9 ActiveX (Version: 9.0.45.0)</div>
<div>Adobe Fonts All (Version: 1.0)</div>
<div>Adobe Help Center 1.0 (Version: 001.000.000)</div>
<div>Adobe Help Viewer CS3 (Version: 1)</div>
<div>Adobe InDesign CS3 Icon Handler (Version: 5.0)</div>
<div>Adobe Linguistics CS3 (Version: 3.0.0)</div>
<div>Adobe MotionPicture Color Files (Version: 1.0)</div>
<div>Adobe PDF Library Files (Version: 8.0)</div>
<div>Adobe Photoshop CS2 (Version: 9.0)</div>
<div>Adobe Reader 8.3.1 (Version: 8.3.1)</div>
<div>Adobe Setup (Version: 1.0)</div>
<div>Adobe Shockwave Player 11.6 (Version: 11.6.3.633)</div>
<div>Adobe SING CS3 (Version: 0.1)</div>
<div>Adobe Stock Photos 1.0 (Version: 001.000.000)</div>
<div>Adobe Stock Photos CS3 (Version: 1.5)</div>
<div>Adobe Type Support (Version: 1.0)</div>
<div>Adobe Update Manager CS3 (Version: 5.1.0)</div>
<div>Adobe Version Cue CS3 Client (Version: 3)</div>
<div>Adobe WAS CS3 (Version: 1.0)</div>
<div>Adobe WinSoft Linguistics Plugin (Version: 1.0)</div>
<div>Adobe XMP Panels CS3 (Version: 1.0)</div>
<div>Adorable Pets #6 Animated Wallpaper (Version: 1.0.0)</div>
<div>AHV content for Acrobat and Flash (Version: 1)</div>
<div>Air Conflicts</div>
<div>Air Guard Full</div>
<div>AKVIS Chameleon (Version: 6.0)</div>
<div>AKVIS Coloriage (Version: 7.5.906.6958)</div>
<div>AKVIS Retoucher (Version: 3.5)</div>
<div>Al´s Home</div>
<div>AllToAVI v4 r5394 (Version: v4 r5394)</div>
<div>Alpha Prime DEMO (Version: 0.01.000)</div>
<div>AMR to MP3 Converter 1.4</div>
<div>Amsterdam Street Racer 1.0 (Version: 1.0)</div>
<div>Angry Birds Space (Version: 1.0.0)</div>
<div>Animated Tropical Beaches</div>
<div>Animated Wallpaper - Space Journey 3D (Version: 1.30)</div>
<div>AniTuner 1.1 (Version: 1.1.0.0)</div>
<div>Antenna Magus (Evaluation) (Version: 3.2.1)</div>
<div>Anvil Studio 2011 (Version: 11.07.11)</div>
<div>AnyTV Free 2.14</div>
<div>Apple Software Update (Version: 2.1.1.116)</div>
<div>Are You Smarter Than A 5th Grader? - Make The Grade (Version: 1.00.0000)</div>
<div>ArtRage (Version: 3)</div>
<div>Astro Gemini Screensaver Manager 2.0</div>
<div>Attack on Pearl Harbor</div>
<div>Audacity 1.3.13 (Unicode)</div>
<div>Avi To MPEG Scout (Version: 1.00)</div>
<div>Aztec Bricks (Version: 1.0)</div>
<div>Back To The Future 1 Screen Saver</div>
<div>Back to the Future The Game - Episode 2 (Version: 1.0.0.0)</div>
<div>BackgammonMasters Client</div>
<div>Banner Maker Pro Version 7</div>
<div>Basic Card Set Pack 12.3 (Version: 12.3.0)</div>
<div>Battle for the Pacific (Version: 1.0.4)</div>
<div>BattleFleet:PACIFIC WAR</div>
<div>Beowulf TM (Version: 1.00)</div>
<div>BFE1 (Version: RePack)</div>
<div>BHODemon 1.0</div>
<div>Bluesoleil2.6.0.8 Release 070517 (Version: 2.6.0.8 Release 070517)</div>
<div>Boxing Manager</div>
<div>Bridge Builder</div>
<div>Bridge Building Game</div>
<div>BS.Player PRO (Version: 2.57.1049)</div>
<div>BufferChm (Version: 90.0.146.000)</div>
<div>CalendarPainter</div>
<div>Call of Duty® 2 (Version: 1.00.0000)</div>
<div>CCleaner (remove only)</div>
<div>CDCheck (remove only)</div>
<div>Champions Online</div>
<div>ChaosPro 3.3 (Version: 3.3 (Build 215))</div>
<div>CheMax 9.2 (Version: 9.2)</div>
<div>Chess Commander 1.24 (Version: 1.24)</div>
<div>Chess3D 2.6</div>
<div>Chessmaster 10th Edition (Version: 1.0.0)</div>
<div>Chessmaster Challenge</div>
<div>Cheveree V2.1</div>
<div>Chinese Simplified Fonts Support For Adobe Reader 8 (Version: 8.0.0)</div>
<div>CinemaForge</div>
<div>City Bus Simulator 2010 - New York (Version: 1.3)</div>
<div>CLUE Classic (Version: 1.0.0.0)</div>
<div>Comical 0.8</div>
<div>Command &amp; Conquer Generals (Version: 0.50.0000)</div>
<div>Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)</div>
<div>Commandos Strike Force (Version: 1.00.0000)</div>
<div>Common (Version: 14.0.0.342)</div>
<div>Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)</div>
<div>Contents (Version: 14.0.0.342)</div>
<div>Contrast PlanPlus 2003</div>
<div>Contrast PlanPlus MMI</div>
<div>Convert DOC to PDF For Word 2.00</div>
<div>ConvertXtoDVD 3.0.0.7 (Version: 3.0.0.7)</div>
<div>Corel VideoStudio Pro X4 (Version: 14.0.0.342)</div>
<div>CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)</div>
<div>Cortona® VRML Client (Version: 5.1.0.167)</div>
<div>Counter-Strike 1.6 (Version: 1.6)</div>
<div>Crazy Machines II (Version: 1.03)</div>
<div>Crysis WARHEAD®</div>
<div>Crysis WARHEAD® (Version: 1.0)</div>
<div>CursorXP</div>
<div>CustomerResearchQFolder (Version: 1.00.0000)</div>
<div>CZ-Pdf2Txt Simple for acrobat reader V1.1 Demo</div>
<div>DAEMON Tools Lite (Version: 4.40.2.0131)</div>
<div>Deep In Space Screensaver 1.0</div>
<div>DemonLisher</div>
<div>DeviceDiscovery (Version: 90.0.146.000)</div>
<div>DeviceIO (Version: 14.0.0.342)</div>
<div>DeviceManagementQFolder (Version: 1.00.0000)</div>
<div>Devil May Cry 3 Special Edition (Version: 1.00.000)</div>
<div>dj_sf_software (Version: 90.0.200.000)</div>
<div>dj_sf_software_req (Version: 90.0.200.000)</div>
<div>DkZ Studio</div>
<div>DMS DJ Promixer Full (Version: 1.0)</div>
<div>DOSShell 1.5 (Version: 1.5)</div>
<div>Dragon UnPACKer 5 (Version: 5.6.0 Exedra)</div>
<div>Draw Poker Gold Edition</div>
<div>Dual-Core Optimizer (Version: 1.1.4.0169)</div>
<div>Dungeon Rider (Version: 1.1)</div>
<div>DVD Catalyst 4.0.2 (Version: 4.0.2)</div>
<div>DVD Shrink 3.2</div>
<div>DXtris 1.5</div>
<div>E.M. Magic Swf2Avi V6.80</div>
<div>EA Download Manager (Version: 4.0.0.462)</div>
<div>EA SPORTS online 2007</div>
<div>Easy CD and DVD Cover Creator 4.13 (Version: 4.13)</div>
<div>EAX Unified</div>
<div>ECR Tool 1.15</div>
<div>El Dorado Quest</div>
<div>Empire of Sports</div>
<div>Enchanted Forest</div>
<div>ESET Online Scanner v3</div>
<div>ESET Smart Security (Version: 4.2.71.2)</div>
<div>eSupportQFolder (Version: 1.00.0000)</div>
<div>Eurobattle.net (Version: 1.26)</div>
<div>Evil days of Luckless John</div>
<div>Far Cry 2 (Version: 1.00.00)</div>
<div>Farkle 3.0.8.7</div>
<div>Farming-Simulator 2009</div>
<div>Fashion Cents 1.6.2 (Version: 1.60.2000)</div>
<div>FIFA 09 (Version: 1.0.1.1)</div>
<div>FIFA 10 (Version: 1.0.0.0)</div>
<div>File Splitter and Joiner (FFSJ v3.3)</div>
<div>FingerPower! Vol. 1</div>
<div>Fishdom 2 - Premium Edition (Version: 1.0.2905)</div>
<div>Flac Ripper 4.0.1</div>
<div>FlatOut2 (Version: 1.00.0000)</div>
<div>FLV Player 1.3.3</div>
<div>Football Manager 2010 (Version: 10.0.0.0)</div>
<div>Ford Racing 3</div>
<div>Fraps</div>
<div>Free Desktop Clock</div>
<div>Free Natural Text to Speech Reader 2008 (Version: 7.0)</div>
<div>Free PDF to Word Doc Converter v1.1 (Version: 1.1)</div>
<div>Free Video Joiner 1.0</div>
<div>Free&amp;Easy Font Viewer 1.2</div>
<div>Freemake Video Converter version 1.3.0</div>
<div>FreshDiagnose</div>
<div>GameRanger</div>
<div>GameShadow (Version: 2.00.0000)</div>
<div>GameSpy Arcade</div>
<div>Garena (Version: 3.2)</div>
<div>Gish Demo 1.52</div>
<div>GNU Backgammon (MAIN branch, 20111003 code)</div>
<div>Google Chrome (Version: 9.0.597.98)</div>
<div>Google Earth (Version: 6.1.0.5001)</div>
<div>Google SketchUp 7 (Version: 2.0.10247)</div>
<div>Google Update Helper (Version: 1.3.21.111)</div>
<div>Google Updater (Version: 2.4.1536.6592)</div>
<div>Governor of Poker (Version: 1.0)</div>
<div>gPhotoShow v1.6.3</div>
<div>Grammatica</div>
<div>Grand Master Chess OnLine</div>
<div>Grand Theft Auto Vice City (Version: 1.00.000)</div>
<div>GTA San Andreas (Version: 1.00.00001)</div>
<div>GTAIII</div>
<div>Guitar Hero III (Version: 1.00.0000)</div>
<div>Guitar Pro 5.2</div>
<div>GUN ™ (Version: 1.00.0000)</div>
<div>Handball-Simulator: European Tournament 2010</div>
<div>Handball Challenge Trainingscamp</div>
<div>Handball Manager 2.0.1  (Version: 2.0.1)</div>
<div>Harry Potter and the Half-Blood Prince™ (Version: 1.0.0.0)</div>
<div>Helldorado</div>
<div>Heroes of Newerth (Version: 2.0.33)</div>
<div>Hidden Expedition - Titanic (Version: 1.0.0)</div>
<div>HijackThis 2.0.2 (Version: 2.0.2)</div>
<div>Hornil StylePix (Version: 1.6.9.2355)</div>
<div>HostsMan 3.2.73 (Version: 3.2.73)</div>
<div>Hoyle Board Games 2005 (Version: 1.0.0.0)</div>
<div>Hoyle Card Games</div>
<div>HP Customer Participation Program 9.0 (Version: 9.0)</div>
<div>HP Deskjet Printer Driver Software 9.0 (Version: 9.0)</div>
<div>HP Imaging Device Functions 9.0 (Version: 9.0)</div>
<div>HP LaserJet P1000 series</div>
<div>HP Photosmart Essential 2.01 (Version: 2.01)</div>
<div>HP Photosmart Essential2.01 (Version: 1.01.0000)</div>
<div>HP Smart Web Printing (Version: 2.15.7.0)</div>
<div>HP Solution Center 9.0 (Version: 9.0)</div>
<div>HP Update (Version: 4.000.006.002)</div>
<div>HPCarePackCore (Version: 10.0.0.1)</div>
<div>HPCarePackProducts (Version: 1.0.0.1)</div>
<div>hppMSRedist (Version: 1.00.0000)</div>
<div>HPProductAssistant (Version: 90.0.146.000)</div>
<div>hppusgP1000 (Version: 000.000.00003)</div>
<div>HPSSupply (Version: 2.2.0.0000)</div>
<div>Hunting Unlimited 2009 1.0 (Version: 1.0)</div>
<div>ICA (Version: 14.0.0.342)</div>
<div>Icon Restore 1.0</div>
<div>IconArt (Version: 1.4)</div>
<div>Ignite</div>
<div>IL-2 Sturmovik: Forgotten Battles (Version: 1.00.0000)</div>
<div>Inside The Beast (Version: 1.0.0)</div>
<div>InstantStorm 1.5 (Version: 1.5.3)</div>
<div>Intelore - Millions of Light Years v1.6 (remove only)</div>
<div>International Volleyball 2010</div>
<div>Internet Jamb 2006</div>
<div>IPM_VS_Pro (Version: 13.0)</div>
<div>Ipref 2.59</div>
<div>IrfanView (remove only)</div>
<div>ISCOM (Version: 14.0.0.342)</div>
<div>IsoBuster 2.8.5 (Version: 2.8.5)</div>
<div>Java™ 6 Update 14 (Version: 6.0.140)</div>
<div>JDownloader (Version: 0.89)</div>
<div>jetAudio (Version: 6.1)</div>
<div>John Deere Drive Green (Version: 1.00.0000)</div>
<div>K-Lite Codec Pack 2.82 Standard (Version: 2.82)</div>
<div>KGB Archiver 2 (Version: 2.0.2)</div>
<div>Knights Of Honor (Version: 1.00)</div>
<div>Kudos Rock Legend</div>
<div>Kung Fu Panda™ (Version: 1.00.0000)</div>
<div>LAME v3.98.3 for Audacity</div>
<div>League of Legends</div>
<div>Little Fighter 2 1.9c (Version: 1.9c)</div>
<div>LockHunter version 1.0 beta 3, 32 bit edition</div>
<div>LOTR The Return of the King tm</div>
<div>Madden NFL 08</div>
<div>Mafia Game</div>
<div>Mail Commander Deluxe 10.6</div>
<div>MailWasher Pro</div>
<div>Majestic Chess (Version: 1.01.0003)</div>
<div>Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)</div>
<div>Mario Forever 4.0 (Version: 4.0)</div>
<div>MarketResearch (Version: 90.0.146.000)</div>
<div>Mastermind Version 1.01</div>
<div>Max Payne 2 (Version: 1.0.97)</div>
<div>McAfee Security Scan Plus (Version: 2.0.181.2)</div>
<div>Medal of Honor Allied Assault</div>
<div>MediaCoder 0.6.0 (Version: 0.6.0)</div>
<div>MediaJoin</div>
<div>MediaJoin (Version: 2.0)</div>
<div>MeggieSoft Games Rummy 500 (Version: Version 16.4)</div>
<div>Metal Slug Complete PC 1.0 (Version: 1.0)</div>
<div>Microsoft .NET Framework 1.1 (Version: 1.1.4322)</div>
<div>Microsoft .NET Framework 1.1 Security Update (KB979906)</div>
<div>Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)</div>
<div>Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)</div>
<div>Microsoft .NET Framework 3.5 SP1</div>
<div>Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)</div>
<div>Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)</div>
<div>Microsoft .NET Framework 4 Extended (Version: 4.0.30319)</div>
<div>Microsoft Application Error Reporting (Version: 12.0.6012.5000)</div>
<div>Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0)</div>
<div>Microsoft Games for Windows - LIVE (Version: 3.0.86.0)</div>
<div>Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.17.0)</div>
<div>Microsoft Kernel-Mode Driver Framework Feature Pack 1.9</div>
<div>Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)</div>
<div>Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)</div>
<div>Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)</div>
<div>Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)</div>
<div>Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)</div>
<div>Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066)</div>
<div>Microsoft Reader</div>
<div>Microsoft Reader Text-to-Speech for English (Version: 01.00.0000)</div>
<div>Microsoft Silverlight (Version: 2.0.40115.0)</div>
<div>Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)</div>
<div>Microsoft SQL Server 2008</div>
<div>Microsoft SQL Server 2008 Browser (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)</div>
<div>Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)</div>
<div>Microsoft SQL Server Database Publishing Wizard 1.3 (Version: 10.0.1600.22)</div>
<div>Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)</div>
<div>Microsoft User-Mode Driver Framework Feature Pack 1.0</div>
<div>Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0)</div>
<div>Microsoft Visual C# 2008 Express Edition with SP1 - ENU</div>
<div>Microsoft Visual C# 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)</div>
<div>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)</div>
<div>Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)</div>
<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)</div>
<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)</div>
<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)</div>
<div>Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)</div>
<div>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)</div>
<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)</div>
<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)</div>
<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)</div>
<div>Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)</div>
<div>Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)</div>
<div>Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU</div>
<div>Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)</div>
<div>Microsoft Web Publishing Wizard 1.52</div>
<div>Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)</div>
<div>Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu (Version: 3.5.30729)</div>
<div>Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)</div>
<div>Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)</div>
<div>Microsoft XML Parser (Version: 8.20.8730.4)</div>
<div>Mini Ninjas Demo 1.0 (Version: 1.0)</div>
<div>MIT MathML Fonts 1.0 (Version: 1.0.0)</div>
<div>MKV Converter Studio V2.0.1 (Version: 2.0.1)</div>
<div>MKV TO AVI CONVERTER version 3.2</div>
<div>MKVtoolnix 2.9.0 (Version: 2.9.0)</div>
<div>MMANA-GAL_Basic version 3 (Version: 3)</div>
<div>Monopoly</div>
<div>Mortimer Beckett And The Secrets Of Spooky Manor (Version: 1.0.0)</div>
<div>Mount&amp;Blade</div>
<div>Mount&amp;Blade Warband</div>
<div>Mount&amp;Blade With Fire and Sword</div>
<div>MovieSpot 0.7</div>
<div>Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)</div>
<div>Mp3tag v2.46a (Version: v2.46a)</div>
<div>MrvlUsgTracking (Version: 1.0.0)</div>
<div>MSVC80_x86_v2 (Version: 1.0.3.0)</div>
<div>MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)</div>
<div>MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)</div>
<div>MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)</div>
<div>MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)</div>
<div>MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)</div>
<div>MSXML4 Parser (Version: 1.0.0)</div>
<div>Mystery Case Files - Ravenhearst</div>
<div>Mystery Case Files Prime Suspects</div>
<div>Mystery In London</div>
<div>Mystical 2.0</div>
<div>Mystick v1.05</div>
<div>NBA 2K10 (Version: 1.0.0)</div>
<div>NBA 2K11 (Version: 1.0.0)</div>
<div>NBA 2K12 (Version: 1.0.0)</div>
<div>Need for Speed Underground 2</div>
<div>Need for Speed Underground 2 Demo</div>
<div>Need For Speed™ World (Version: 1.0.0.776)</div>
<div>Neighbours From Hell (Version: 1.0)</div>
<div>Neighbours From Hell 2 (Version: 1.0)</div>
<div>Nero 7 Premium (Version: 7.01.4029)</div>
<div>Network Play System (Patching)</div>
<div>Neverball 1.5.3 (Version: 1.5.3)</div>
<div>Nicktoons Basketball</div>
<div>NickToons Racing</div>
<div>Nitro PDF Professional (Version: 4.91.0007)</div>
<div>nLite 1.4.9.1 (Version: 1.4.9.1)</div>
<div>Nokia Series 40 Theme Studio 2.2 (Version: 2.20.0000)</div>
<div>NokiaFREE Unlock Codes Calculator</div>
<div>NRadioBox (Version: 1.0.0)</div>
<div>NVIDIA Drivers</div>
<div>NVIDIA PhysX (Version: 9.09.0814)</div>
<div>NVIDIA PhysX (Version: 9.10.0513)</div>
<div>Oblivion (Version: 1.00.0000)</div>
<div>OJOsoft MKV Converter (Version: 1,5,3,0118)</div>
<div>OMSI - Der Omnibussimulator (Version: 1.00)</div>
<div>OpenAL</div>
<div>Opera 10.00 (Version: 10.00)</div>
<div>Opsta Uplatnica 1.00</div>
<div>OtsTurntables Free 1.00.012</div>
<div>Oxelon Media Converter 1.1</div>
<div>P2PFilter 3.0.5 (Version: 3.0.5)</div>
<div>PAK Explorer (Version: 1.3.0.0)</div>
<div>Pando Media Booster (Version: 2.3.4.1)</div>
<div>PanoStandAlone (Version: 90.0.146.000)</div>
<div>PC Connectivity Solution (Version: 10.24.0.0)</div>
<div>PC Inspector File Recovery (Version: 4.0)</div>
<div>PCPitstop Panda AntiVirus Scan (remove only)</div>
<div>Pcsx2 0.9.6 (Version: 1.0.0)</div>
<div>PDF Settings (Version: 1.0)</div>
<div>Perfect Uninstaller v6.3.3.8</div>
<div>Persian Puzzle (Version: 1.0)</div>
<div>Pharaoh&#39;s Mystery (Version: 1.0)</div>
<div>PhotoKit Color 2 Plug-in Module</div>
<div>PhotoKit Plug-in Module</div>
<div>PhotoKit Sharpener Plug-in Module</div>
<div>PhotoStage Slideshow Producer</div>
<div>Pidgin-Musictracker plugin (remove only)</div>
<div>Pidgin (Version: 2.7.2)</div>
<div>Pirates of the Caribbean</div>
<div>PITCH 1.1.2.1</div>
<div>Pizza Morgana Episode 1</div>
<div>Pontifex</div>
<div>Pontifex II</div>
<div>PowerDVD (Version: 7.0.1702.0)</div>
<div>Pretty Good Solitaire version 13.0.0 (Version: 13.0.0)</div>
<div>Pro Evolution Soccer 2011 (Version: 1.01.0000)</div>
<div>Pro Evolution Soccer 2012 (Version: 1.00.0000)</div>
<div>ProtectDisc Helper Driver 10 (Version: 10.0.0.1)</div>
<div>PSSWCORE (Version: 2.01.0000)</div>
<div>PunkBuster Services (Version: 0.986)</div>
<div>Pure Sudoku 1.51</div>
<div>PureHD (Version: 14.0.0.342)</div>
<div>PySol Fan Club edition v.1.1</div>
<div>Quick Solitaire (remove only)</div>
<div>QuickSnooker</div>
<div>QuickTime (Version: 7.2.0.240)</div>
<div>RAR Password Cracker 4.12</div>
<div>Readiris Pro 11 Corporate Edition (Version: 11.00.4787)</div>
<div>Readon TV Movie Radio Player 7.4.0.0 (Version: 7.4.0)</div>
<div>Real Backgammon (Version: 1.0)</div>
<div>Real Pool (Version: 1.0)</div>
<div>RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)</div>
<div>RealPlayer</div>
<div>Realtek High Definition Audio Driver (Version: 5.10.0.5413)</div>
<div>RealUpgrade 1.1 (Version: 1.1.0)</div>
<div>Retail Virtual EVE (Version: 1.0.0)</div>
<div>Rhapsody Player Engine (Version: 1.1.0)</div>
<div>Road To El Dorado</div>
<div>Robin Hood - Defender of the Crown</div>
<div>Robin Hood: The Legend Of Sherwood</div>
<div>Rock Tour (Version: 1.0)</div>
<div>Rockstar Games Social Club (Version: 1.00.0000)</div>
<div>Room Arranger (Version: 5.02)</div>
<div>RummyRoyal.com (Version: 20.1)</div>
<div>RUNAWAY - A road adventure</div>
<div>Sacred 2 (Version: 2.0.2.0)</div>
<div>Safari (Version: 4.28.16.0)</div>
<div>Safecracker 1.00  Patriot Games</div>
<div>SAMSUNG CDMA Modem Driver Set</div>
<div>Samsung Mobile phone USB driver Software</div>
<div>SAMSUNG Mobile USB Modem 1.0 Software</div>
<div>SAMSUNG Mobile USB Modem Software</div>
<div>Samsung PC Studio (Version: 3.0.0.61111)</div>
<div>Samsung PC Studio (Version: 3.2.3.90502)</div>
<div>Sandlot Connect Version 1.2.6</div>
<div>Security Task Manager 1.7h (Version: 1.7h)</div>
<div>SereneScreen Marine Aquarium 2 (Version: 2.0)</div>
<div>SereneScreen Marine Aquarium 3 (Version: 3.0)</div>
<div>Serious Sam 2</div>
<div>Setup (Version: 14.0.0.342)</div>
<div>Sexy Poker 5</div>
<div>Shank (Version: RePack)</div>
<div>Share (Version: 14.0.0.342)</div>
<div>Showoff Home Design 1.0 (Version: 1.0)</div>
<div>Sid Meier&#39;s Pirates! (Version: 1.00.0000)</div>
<div>Simon3D</div>
<div>SimpleOCR 3.1</div>
<div>SizeFixer XL (Version: 1.0.0001)</div>
<div>Skotovi (Version: 1.00.0000)</div>
<div>Sky Battle</div>
<div>Skype Click to Call (Version: 5.6.8442)</div>
<div>Skype Launcher (Version: 1.6.3)</div>
<div>Skype™ 5.5 (Version: 5.5.124)</div>
<div>Slot Machine 98 v5.2</div>
<div>Smart-X7 7.80</div>
<div>Smart File Advisor 1.1.1 (Version: 1.1.1)</div>
<div>SmartSound Common Data (Version: 1.1.0)</div>
<div>SmartSound Quicktracks 5 (Version: 5.1.6)</div>
<div>SmartSound Quicktracks Plugin (Version: 3.0.2.6)</div>
<div>Snowboarding Championship 2004</div>
<div>Software Update for Web Folders (Version: 9.60.6715.0)</div>
<div>Solar System 3D Screensaver 1.4</div>
<div>Solitaire Plus! version 2.4.3 (Version: 2.4.3)</div>
<div>SolutionCenter (Version: 90.0.146.000)</div>
<div>Sony Ericsson Themes Creator 1.92 (Version: 1.92)</div>
<div>SopCast 3.5.0 (Version: 3.5.0)</div>
<div>Sophos Anti-Rootkit 1.5.4 (Version: 1.5.4)</div>
<div>Sothink SWF Quicker (Version: 4.7)</div>
<div>Space Interceptor (remove only)</div>
<div>SpeedFan (remove only)</div>
<div>Spybot - Search &amp; Destroy (Version: 1.6.0)</div>
<div>Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)</div>
<div>SQL Server System CLR Types (Version: 10.0.1600.22)</div>
<div>Star Wars 3D Screensaver 1.3</div>
<div>Status (Version: 90.0.146.000)</div>
<div>Steam (Version: 1.0.0.0)</div>
<div>Steinberg Cubase 5 (Version: 5.1.0)</div>
<div>Steinberg Drum Loop Expansion 01 (Version: 1.0.0.1)</div>
<div>Steinberg Groove Agent ONE Content (Version: 1.0.0.003)</div>
<div>Steinberg HALionOne (Version: 1.1.0.457)</div>
<div>Steinberg HALionOne Additional Content Set 01 (Version: 1.0.0.001)</div>
<div>Steinberg HALionOne Expression Set (Version: 1.0.1.0)</div>
<div>Steinberg HALionOne GM Drum Set (Version: 1.0.1.457)</div>
<div>Steinberg HALionOne GM Set (Version: 1.0.1.457)</div>
<div>Steinberg HALionOne Pro Set (Version: 1.0.1.457)</div>
<div>Steinberg HALionOne Studio Drum Set (Version: 1.0.1.457)</div>
<div>Steinberg HALionOne Studio Set (Version: 1.0.1.457)</div>
<div>Steinberg LoopMash Content (Version: 1.0.0.005)</div>
<div>Steinberg REVerence Content 01 (Version: 1.0.0.006)</div>
<div>StyleBuilder (remove only)</div>
<div>Subtitle Workshop 2.51</div>
<div>SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)</div>
<div>SUPERAntiSpyware Free Edition (Version: 4.15.0.1000)</div>
<div>SWAT 4 (Version: 1.0.31763)</div>
<div>SWF &amp; FLV Toolbox 3.5 (build 3.5.25.503) (Version: 3.5.25.503)</div>
<div>swMSM (Version: 12.0.0.1)</div>
<div>Syberia</div>
<div>Sylvester &amp; Tweety Screen Saver</div>
<div>Syncrosoft License Control</div>
<div>Synthesia (remove only)</div>
<div>Telenor Internet (Version: 11.030.01.13.208)</div>
<div>Tennis Titans</div>
<div>Test Drive Unlimited (Version: 0.10.0000)</div>
<div>The Gladiators of Rome</div>
<div>The Incredibles (Version: 1.00.0000)</div>
<div>THE KING OF FIGHTERS XIII 1.00</div>
<div>The KMPlayer (remove only)</div>
<div>The Mystery of the Crystal Portal (Version: 1.0.0)</div>
<div>The Print Shop 21 (Version: 21.00.0000)</div>
<div>The Shadow of Zorro</div>
<div>The Simpsons Hit &amp; Run™ (Version: 1.00.000)</div>
<div>The Sum of All Fears</div>
<div>The Weather Channel Screensaver</div>
<div>Theme Maker</div>
<div>Thief - Deadly Shadows (Version: 1.0)</div>
<div>thriXXX VirtuallyJenna-029.002</div>
<div>TMNT (Version: 1.00.0000)</div>
<div>TMPGEnc 4.0 XPress (Version: 4.4.1.237)</div>
<div>TMPGEnc DVD Author 1.6 (Version: 1.6.0026)</div>
<div>Toolbox (Version: 90.0.146.000)</div>
<div>Top Spin 2 (Version: 1.00.0000)</div>
<div>TopOCR Release 3 (Version: Release 3)</div>
<div>Torchlight (Version: 0.0.66.192)</div>
<div>Total Commander (Remove or Repair)</div>
<div>Total Video Converter 3.12 080330</div>
<div>Toto 3</div>
<div>Toto Dejan Screen 2</div>
<div>Toto februar 2010</div>
<div>Toto screensaver 2</div>
<div>Toto Screensaver 4</div>
<div>Toto X</div>
<div>TP-LINK Client Installation Program</div>
<div>Transcribe! 7.32 (Version: 7.32)</div>
<div>TrayApp (Version: 90.0.146.000)</div>
<div>Trucks &amp; Trailers 1.00 (Version: 1.00)</div>
<div>Tunatic</div>
<div>ubi.com</div>
<div>Ubisoft Game Launcher (Version: 1.0.0.0)</div>
<div>UDPixel_en.exe</div>
<div>Ulead DVD DiskRecorder 2.1.1</div>
<div>Ulead VideoStudio 9.0 SE DVD (Version: 9.0 SE)</div>
<div>UltraStar Deluxe (Version: 1.1)</div>
<div>UnloadSupport (Version: 9.0.0)</div>
<div>Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)</div>
<div>Update for Microsoft Visual Studio Web Authoring Component (KB945140)</div>
<div>Update for Windows XP (KB925720) (Version: 1)</div>
<div>Update for Windows XP (KB927891) (Version: 3)</div>
<div>Update for Windows XP (KB930916) (Version: 1)</div>
<div>Update for Windows XP (KB933360) (Version: 1)</div>
<div>Update for Windows XP (KB938828) (Version: 1)</div>
<div>Update for Windows XP (KB942763) (Version: 1)</div>
<div>Update for Windows XP (KB942840) (Version: 1)</div>
<div>Update for Windows XP (KB946627) (Version: 1)</div>
<div>Update for Windows XP (KB951072-v2) (Version: 2)</div>
<div>Update for Windows XP (KB955759) (Version: 1)</div>
<div>Update for Windows XP (KB955839) (Version: 1)</div>
<div>Update for Windows XP (KB967715) (Version: 1)</div>
<div>Update for Windows XP (KB968389) (Version: 1)</div>
<div>Update for Windows XP (KB971737) (Version: 1)</div>
<div>Update for Windows XP (KB973687) (Version: 1)</div>
<div>Update for Windows XP (KB973815) (Version: 1)</div>
<div>Update for Windows XP (KB976749) (Version: 1)</div>
<div>Update for Windows XP (KB978207) (Version: 1)</div>
<div>Update for Windows XP (KB980182) (Version: 1)</div>
<div>Urban Freestyle Soccer</div>
<div>vanBasco&#39;s MIDI Player</div>
<div>VideoToolkit01 (Version: 90.0.146.000)</div>
<div>VIO (Version: 14.0.0.342)</div>
<div>Virtual Sound Canvas DXi</div>
<div>VLC media player 2.0.1 (Version: 2.0.1)</div>
<div>VSClassic (Version: 14.0.0.342)</div>
<div>VSPro (Version: 14.0.0.342)</div>
<div>Warcraft III: All Products</div>
<div>Warkeys 1.15.7.0b (Version: 1.15.7.0b)</div>
<div>WAV MP3 Converter v4.2 build 1259</div>
<div>WebReg (Version: 90.0.146.000)</div>
<div>WhereIsIt? 3.68 (Version: 3.68)</div>
<div>Winamp (Version: 5.621 )</div>
<div>Winamp Detector Plug-in (Version: 1.0.0.1)</div>
<div>Winamp Skin Maker</div>
<div>Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)</div>
<div>Windows Imaging Component (Version: 3.0.0.0)</div>
<div>Windows Installer Clean Up (Version: 3.00.00.0000)</div>
<div>Windows Live installer (Version: 12.0.1471.1025)</div>
<div>Windows Live Mail (Version: 12.0.1606.1023)</div>
<div>Windows Live Messenger (Version: 8.5.1302.1018)</div>
<div>Windows Live Photo Gallery (Version: 12.0.1329.0201)</div>
<div>Windows Live Sign-in Assistant (Version: 5.000.818.6)</div>
<div>Windows Live Writer (Version: 12.0.1370.0325)</div>
<div>Windows Media Encoder 9 Series</div>
<div>Windows Media Encoder 9 Series (Version: 9.00.2980)</div>
<div>Windows Media Format 11 runtime</div>
<div>Windows Media Player Firefox Plugin (Version: 1.0.0.8)</div>
<div>Windows Presentation Foundation (Version: 3.0.6920.0)</div>
<div>Windows Updates Downloader (Version: 2.50 Build 1002)</div>
<div>Winemaker Extraordinaire 1.00</div>
<div>WinRAR archiver</div>
<div>WordBiz version 1.8 (Version: 1.8)</div>
<div>Worms Reloaded</div>
<div>X3mE Yamb (Version: 1.8.0)</div>
<div>Xbox 360 Controller for Windows</div>
<div>Xfire (remove only)</div>
<div>Xiph QuickTime Components</div>
<div>XMedia Recode 2.1.2.9 (Version: 2.1.2.9)</div>
<div>XML Paper Specification Shared Components Pack 1.0</div>
<div>Yahoo! Messenger</div>
<div>Yahoo! Software Update</div>
<div>Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (Version: 1.00.0000)</div>
<div>Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY (Version: 1.00.0000)</div>
<div>Yu Gi Oh PoC Joey the Passion 1.00</div>
<div>Zelda Forever</div>
<div>Zilla PDF to TXT Converter V1.0.7</div>
<div>Zune Desktop Theme (Version: 1.0.5341.0)</div>
<div> </div>
<div>========================= Devices: ================================</div>
<div> </div>
<div>Name: Floppy disk drive</div>
<div>Description: Floppy disk drive</div>
<div>Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}</div>
<div>Manufacturer: (Standard floppy disk drives)</div>
<div>Service: flpydisk</div>
<div>Problem: : This device is disabled. (Code 22)</div>
<div>Resolution: In Device Manager, click &quot;Action&quot;, and then click &quot;Enable Device&quot;. This starts the Enable Device wizard. Follow the instructions.</div>
<div> </div>
<div> </div>
<div>========================= Memory info: ===================================</div>
<div> </div>
<div>Percentage of memory in use: 42%</div>
<div>Total physical RAM: 2047.29 MB</div>
<div>Available physical RAM: 1185.21 MB</div>
<div>Total Pagefile: 4893.46 MB</div>
<div>Available Pagefile: 4185.27 MB</div>
<div>Total Virtual: 2047.88 MB</div>
<div>Available Virtual: 1977.89 MB</div>
<div> </div>
<div>========================= Partitions: =====================================</div>
<div> </div>
<div>1 Drive c: () (Fixed) (Total:48.83 GB) (Free:3.37 GB) NTFS</div>
<div>2 Drive d: () (Fixed) (Total:184.05 GB) (Free:4.78 GB) NTFS</div>
<div>4 Drive f: (Particija F) (Fixed) (Total:195.31 GB) (Free:3.08 GB) NTFS</div>
<div>5 Drive g: (Particija G) (Fixed) (Total:75.13 GB) (Free:7.15 GB) NTFS</div>
<div>6 Drive h: (Particija H) (Fixed) (Total:195.31 GB) (Free:7.71 GB) NTFS</div>
<div> </div>
<div>========================= Users: ========================================</div>
<div> </div>
<div>User accounts for \\MOBILE</div>
<div> </div>
<div>Administrator            ASPNET                   Guest                    </div>
<div>HelpAssistant            SUPPORT_388945a0         User                     </div>
<div> </div>
<div>========================= Minidump Files ==================================</div>
<div> </div>
<div>No minidump file found</div>
<div> </div>
<div>**** End of log ****</div>
<div> </div>


#18 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 17 April 2012 - 11:05 AM

Any progress?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#19 DejanS

DejanS

    Regular Member

  • Honorary Members
  • PipPip
  • 54 posts

Posted 17 April 2012 - 11:07 AM

<p>Hi!</p>
<p>I posted results up there.</p>
<p>Thanks for info about system restore-no, I won&#39;t do it without your approval. That&#39;s why I asked about it.</p>
<p>I didn&#39;t know HijackThis is not good, sorry. I saw many use it for reports on forums. My mistake...</p>
<p>I have nod32 and I am pleased with it. What would be free AV of your choice?</p>
<p> </p>
<p> </p>
<div>Update... I can&#39;t get to facebook page. If I clear cookies (and browser&#39;s cache) I can get to facebook, but all other navigation on site is impossible. If I don&#39;t clear cookies I can&#39;t get to facebook home page at all.</div>
<div>If I try to send email by using Outlook (by my gmail account), it says I have connectivity problem. If I try to go to gmail site in browser I can log in but cannot send email (again, connectivity problem).</div>
<div>I checked out on other PC, same cable. Both facebook and gmail are working fine.</div>
<div>It seems it&#39;s getting worse...</div>
<div>Thank you so much for your help :)</div>


#20 DejanS

DejanS

    Regular Member

  • Honorary Members
  • PipPip
  • 54 posts

Posted 17 April 2012 - 11:11 AM

I don't know why that reply looked so bad... with all those additional signs...




