Abbey

About Abbey

  • Rank
    New Member
  1. Ok. I just want to thank you again. You are freaking amazing!
  2. My computer is running great now. Inside C:\Qoobox\Quarantine there are 2 folders: Registry_backups and C which is empty.
  3. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=505332834e52e241990eb287990bfbc6
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-06-22 12:41:13
     # local_time=2012-06-21 05:41:13 (-0800, Pacific Daylight Time)
     # country="United Kingdom"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=768 16777215 100 0 121535983 121535983 0 0
     # compatibility_mode=2560 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=206542
     # found=6
     # cleaned=6
     # scan_time=8870
     C:\Documents and Settings\Silvo\Desktop\USE\MsgPlusLive-470.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Silvo\My Documents\Downloads\Iron_Sky_2012_DVDRiP_XViD-PSiG.exe Win32/Adware.1ClickDownload.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Silvo\My Documents\Downloads\The.Mentalist.S04E22.HDTV.exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Silvo\My Documents\Prenosi\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\Documents and Settings\Silvo\My Documents\Prenosi\waterscenes.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     C:\System Volume Information\_restore{5B41B8E3-4872-4858-BE5E-54AB66E304D9}\RP3\A0000843.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  4. BackEnv folder which is inside the Qoobox is protected so I guess I'll skip that.
  5. Ok. Will do. Thank you sooo much for your help. All the problems are gone and my computer hasn't worked this fast since I bought it.
  6. ComboFix 12-06-21.01 - Silvo 21/06/2012 10:06:57.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2484 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 16:40 . 2012-06-21 16:40 -------- d-----w- C:\_OTL 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 
2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 
2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 
2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 
2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] 
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= 
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program 
files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] 
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] 
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] 
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . HKLM-Explorer_Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 10:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1908) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-06-21 10:25:10 ComboFix-quarantined-files.txt 2012-06-21 17:25 ComboFix2.txt 2012-06-21 15:31 . Pre-Run: 116,157,849,600 bytes free Post-Run: 116,137,689,088 bytes free . - - End Of File - - 9CF44EE04D3D5C15D6F181971D1D6A25
  7. I clicked Run Scan at first by mistake. I hope this didn't ruin something. But here are the results:
     All processes killed
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
     Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
     Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
     Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
     Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
     Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
     Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
     Registry value HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
     Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}\ not found.
     Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
     Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found.
     Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
     Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
     Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
     Prefs.js: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 removed from extensions.enabledItems
     Prefs.js: avg@igeared:6.103.018.001 removed from extensions.enabledItems
     Prefs.js: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 removed from extensions.enabledItems
     Prefs.js: ffxtlbr@Facemoods.com:1.1.0 removed from extensions.enabledItems
     Prefs.js: engine@conduit.com:3.2.3.3 removed from extensions.enabledItems
     Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3 removed from extensions.enabledItems
     File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\preferences scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\images scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\components scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\chrome scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\searchplugins scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\logs scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults\preferences scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\datastore scheduled to be moved on reboot.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-12-Oct-2011-21-45-18-GMT folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-12-41-51-GMT folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-09-49-05-GMT folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-21-Jun-2012-14-15-26-GMT folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\skin scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\content scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot.
     Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
     Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults\preferences scheduled to be moved on reboot.
     Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults scheduled to be moved on reboot.
     Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome scheduled to be moved on reboot.
     Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} scheduled to be moved on reboot.
     Unable to fix default_search_provider items.
     Unable to fix default_search_provider items.
     Registry value HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
     C:\Documents and Settings\Silvo\Application Data\1 moved successfully.
     C:\Documents and Settings\NetworkService\Application Data\1 moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     ->Temp folder emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->Flash cache emptied: 41661 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 1425475 bytes
     ->Flash cache emptied: 877 bytes
     User: Maja
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 214461 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 1259610 bytes
     ->Google Chrome cache emptied: 11734036 bytes
     ->Flash cache emptied: 2954 bytes
     User: Nadja
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 192579 bytes
     ->Java cache emptied: 11830 bytes
     ->FireFox cache emptied: 149999401 bytes
     ->Google Chrome cache emptied: 9221883 bytes
     ->Flash cache emptied: 2119 bytes
     User: NetworkService
     ->Temp folder emptied: 16384 bytes
     ->Temporary Internet Files folder emptied: 540806 bytes
     ->Flash cache emptied: 706 bytes
     User: Silvo
     ->Temp folder emptied: 46063 bytes
     ->Temporary Internet Files folder emptied: 647873 bytes
     ->Java cache emptied: 5462419 bytes
     ->FireFox cache emptied: 73143583 bytes
     ->Google Chrome cache emptied: 41407262 bytes
     ->Opera cache emptied: 0 bytes
     ->Flash cache emptied: 10252 bytes
     User: Silvo_2
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 138543 bytes
     ->FireFox cache emptied: 98156649 bytes
     ->Flash cache emptied: 3351 bytes
     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32835 bytes
     ->Flash cache emptied: 41661 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2518635 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 378.00 mb
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.50.0 log created on 06212012_094055
     Files\Folders moved on Reboot...
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\logs folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\datastore folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome folder moved successfully.
     C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com folder moved successfully.
     C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults\preferences folder moved successfully.
     C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults folder moved successfully.
     C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome folder moved successfully.
     C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} folder moved successfully.
     File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_888.dat not found!
     File\Folder C:\WINDOWS\temp\~bd14C.tmp not found!
     Registry entries deleted on Reboot...
  8. OTL Extras logfile created on: 21/06/2012 09:05:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Silvo\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: Združeno kraljestvo | Language: ENG | Date Format: dd/MM/yyyy 3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.80% Memory free 5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.17% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 107.68 Gb Free Space | 23.12% Space Free | Partition Type: NTFS Computer Name: SILVO1 | User Name: Silvo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "57769:TCP" = 57769:TCP:*:Enabled:Pando Media Booster "57769:UDP" = 57769:UDP:*:Enabled:Pando Media Booster "57495:TCP" = 57495:TCP:*:Enabled:Pando Media Booster "57495:UDP" = 57495:UDP:*:Enabled:Pando Media Booster "56799:TCP" = 56799:TCP:*:Enabled:Pando Media Booster "56799:UDP" = 56799:UDP:*:Enabled:Pando Media Booster "21688:TCP" = 21688:TCP:*:Enabled:@xpsp2res.dll,-22009 "80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009 "56191:TCP" = 56191:TCP:*:Enabled:Pando Media Booster "56191:UDP" = 56191:UDP:*:Enabled:Pando Media Booster "57819:TCP" = 57819:TCP:*:Enabled:Pando Media Booster "57819:UDP" = 
57819:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "57769:TCP" = 57769:TCP:*:Enabled:Pando Media Booster "57769:UDP" = 57769:UDP:*:Enabled:Pando Media Booster "57495:TCP" = 57495:TCP:*:Enabled:Pando Media Booster "57495:UDP" = 57495:UDP:*:Enabled:Pando Media Booster "56799:TCP" = 56799:TCP:*:Enabled:Pando Media Booster "56799:UDP" = 56799:UDP:*:Enabled:Pando Media Booster "21688:TCP" = 21688:TCP:*:Enabled:@xpsp2res.dll,-22009 "56191:TCP" = 56191:TCP:*:Enabled:Pando Media Booster "56191:UDP" = 56191:UDP:*:Enabled:Pando Media Booster "57819:TCP" = 57819:TCP:*:Enabled:Pando Media Booster "57819:UDP" = 57819:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe" = C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! 
download engine -- () "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\Microsoft Games\Halo 2\halo2.exe" = C:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2 -- (Microsoft Corporation) "C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) 
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe:*:Enabled:APB Reloaded -- (K2 Network, Inc.) "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- () "C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.) "C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.) 
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\tera fake\TERA-Launcher.exe" = C:\Program Files\tera fake\TERA-Launcher.exe:*:Enabled:TERA -- (Solid State Networks) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1C9FE8CC-2578-41E6-AB28-3B927B055224}" = Windows Live - Pomocnik za vpis "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Orodje za prenos storitve Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero 
Rescue Agent "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C867F60-267A-11D4-BF03-0080C84D9C69}" = WinFox Setup "{3CB519B3-1475-4D45-B0D5-9405A2C8F704}" = Pošta Windows Live "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Zemlja "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51EAF221-C37C-43B2-A1AE-2885610AD7D7}" = Aion "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1 "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Mass Storage Toolbox "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{6CAFFBCE-FC5B-41D5-ACC6-1F02E521C4D5}" = Windows Live Messenger "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93FC6253-D5BA-4569-94B7-A087934A49D7}" = Pocket Theme Organizer "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA nadzorna plošča 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafični gonilnik 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA Programa nView 136.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Sistemske opreme PhysX 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA posodobitve 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU "{B354FB16-3027-47AF-AF3F-7AD1209B886E}" = globaldk "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EBC92729-E677-415C-8A60-CEF034B33E49}" = Windows Live Essentials "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 
SP2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast® Display Driver "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{faf0b65c-072b-4f7e-bd05-6a56f28d4233}" = Wallery "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "AC3Filter" = AC3Filter (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVerMedia M135-Series PCI TV Tuner" = AVerMedia M135-Series PCI TV Tuner 3.5.0.65 "AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62 "Bitdefender" = Bitdefender Antivirus Plus 2012 "Born To Be Big_is1" = Born To Be Big "BSPlayerf" = BS.Player FREE powered by AdVantage "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.6_is1" = Cheat Engine 5.6 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60 "DivX Plus DirectShow Filters" = DivX Plus 
DirectShow Filters "DivX Setup" = DivX Setup "DriverAgent.exe" = DriverAgent by eSupport.com "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Navodila za uporabo" = Epson Stylus SX210_SX410_TX210_TX410 Priročnik "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall "GamersFirst LIVE!" = GamersFirst LIVE! "GamersFirst Sword 2" = Sword 2 "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Granado Espada_is1" = Granado Espada "Halo 2" = Halo 2 for Windows Vista "hp print screen utility" = hp print screen utility "HWiNFO32_is1" = HWiNFO32 Version 3.62 "ie8" = Windows Internet Explorer 8 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV "Macro Wizard 4.1_is1" = Macro Wizard 4.1 "Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272) "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "MagicDisc 2.7.105" = MagicDisc 2.7.105 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.9.0 "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU "Minecraft Beta Cracked" = Minecraft Beta Cracked "Mozilla Firefox 10.0.2 (x86 sl)" = Mozilla Firefox 10.0.2 (x86 sl) "Neffy" = Neffy 1,2,0,22 "Nero - Burning Rom" = Nero - Burning Rom "npkcxp" = nProtect KeyCrypt "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Opera 12.00.1467" = Opera 12.00 "PhotoScape" = PhotoScape "RealPlayer 15.0" = RealPlayer "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sanctum © Coffee Stain Studios_is1" = Sanctum © Coffee Stain Studios version 1 "Steam App 113400" = APB Reloaded "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "Tweak UI 2.10" = Tweak UI "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 2.0.1 "VMware_Player" = VMware Player "vsfilter_is1" = DirectVobSub 2.40.4209 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Live OneCare 
safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Xfire" = Xfire (remove only) "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-Aion" = Aion (North America) "NCsoft-AionEU" = Aion (Europe) "sc09-SLO_ZURNAL_MAIN" = Ski Challenge 2009 (zurnal24.si) "TeamSpeak 3 Client" = TeamSpeak 3 Client "Techno Design IP Notify" = LiveSearch Notification Tool ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18/06/2012 00:12:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [11096]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 00:26:07 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [3184]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 01:49:29 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [4784]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. 
Error - 18/06/2012 04:28:02 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [6164]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 04:28:02 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [6164]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 06:53:21 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [1940]. Just-In-Time debugging this exception failed with the following error: Napaka pri klicu oddaljene procedure. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 20/06/2012 05:05:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [2628]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 20/06/2012 07:26:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [1856]. Just-In-Time debugging this exception failed with the following error: Napaka pri klicu oddaljene procedure. Check the documentation index for 'Just-in-time debugging, errors' for more information. 
Error - 21/06/2012 03:49:06 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = Failed to load user32.dll into the vsjitdebugger.exe process. Error - 21/06/2012 03:49:36 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [8000]. Just-In-Time debugging this exception failed with the following error: Izvajanje strežnika ni uspelo Check the documentation index for 'Just-in-time debugging, errors' for more information. [ OSession Events ] Error - 28/08/2009 08:25:37 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 28/08/2009 08:25:43 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 28/08/2009 08:25:46 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = NVIDIA Driver Helper Service storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = PC Tools Startup and Shutdown Monitor service storitev se je nepričakovano prekinila. 
To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = Java Quick Starter storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = SQL Server (SQLEXPRESS) storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = Print Spooler storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = Application Layer Gateway Service storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = NVIDIA Update Service Daemon storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7031 Description = SQL Server Browser storitev se je nepričakovano prekinila. To je storila že 1 krat. Ta popravljalna dejanja bodo izvedena v 60000 milisekundah: Ponovni zagon storitve. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7031 Description = SAS Core Service storitev se je nepričakovano prekinila. To je storila že 1 krat. Ta popravljalna dejanja bodo izvedena v 1000 milisekundah: Ponovni zagon storitve. Error - 21/06/2012 11:23:38 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7009 Description = Časovna omejitev (30000 milisekund) pri čakanju, da storitev CardBusService vzpostavi povezavo. < End of report >
  9. OTL logfile created on: 21/06/2012 09:05:38 - Run 1
     OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Silvo\My Documents\Downloads
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000809 | Country: Združeno kraljestvo | Language: ENG | Date Format: dd/MM/yyyy
     3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.80% Memory free
     5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.17% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 465.75 Gb Total Space | 107.68 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
     Computer Name: SILVO1 | User Name: Silvo | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
C:\WINDOWS\system32\XDva380.sys -- (XDva380) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva351.sys -- (XDva351) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva288.sys -- (XDva288) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva279.sys -- (XDva279) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva275.sys -- (XDva275) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva190.sys -- (XDva190) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter) DRV - File not found [Kernel | Boot | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTLWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bdfndisf.sys -- (Bdfndisf) DRV - File not found [File_System | On_Demand | Stopped] -- system32\drivers\bdfm.sys -- (bdfm) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/06/21 04:02:34 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk) DRV - [2012/06/19 01:47:00 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight) DRV - [2012/06/17 15:45:24 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2012/06/15 03:36:03 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2012/04/04 06:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/29 01:53:35 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC011.sys -- (GEMC011) DRV - [2012/03/24 08:51:51 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC009.sys -- (GEMC009) DRV - [2012/03/24 08:47:39 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC005.sys -- (GEMC005) DRV - [2012/03/24 08:45:49 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC003.sys -- (GEMC003) DRV - [2012/03/24 08:45:20 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC001.sys -- (GEMC001) DRV - [2012/03/20 
20:22:08 | 000,611,520 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3) DRV - [2012/03/20 09:54:50 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC007.sys -- (GEMC007) DRV - [2012/03/19 01:20:03 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC004.sys -- (GEMC004) DRV - [2012/03/19 01:19:44 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC002.sys -- (GEMC002) DRV - [2012/03/01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\BitDefender\Bitdefender 2012\bdselfpr.sys -- (BDSelfPr) DRV - [2012/02/17 16:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf) DRV - [2011/11/25 14:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv) DRV - [2011/11/17 17:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox) DRV - [2011/11/14 20:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2011/09/21 02:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/09/29 15:13:46 | 000,020,088 | ---- | M] (REALiX) [Kernel | Auto | Running] -- 
C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2010/09/14 11:21:09 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap) DRV - [2010/02/20 07:49:33 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK) DRV - [2009/12/30 02:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/12/18 03:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/04/15 04:53:20 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb) DRV - [2009/04/15 04:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt) DRV - [2009/01/08 00:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008/07/28 08:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/02/24 05:27:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2008/02/22 06:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008/02/22 06:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008/02/22 06:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/09/04 10:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2007/06/19 00:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007/06/19 00:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) DRV - [2007/06/19 00:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) DRV - [2007/06/19 00:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex) DRV - [2007/06/19 00:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony 
Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) DRV - [2007/06/19 00:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007/06/19 00:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2007/05/21 01:42:46 | 001,180,672 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x) DRV - [2007/04/03 04:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007/04/03 04:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007/04/03 04:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007/03/08 17:27:56 | 004,485,120 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes,DefaultScope = Bing IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}: "URL" = http://search.avg.com/route/?d=4e0383a6&v=7.5.30.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" 
= http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1142338 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{DB4131FF-29F0-4874-AA0B-D0A1910EEEE7}: "URL" = http://www.google.si/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz= IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{F5A9DC2B-3409-4DFC-A1EE-0114439EE65B}: "URL" = http://www.najdi.si/search.jsp?q={searchTerms}&foxsbar=ie IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\Bing: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=sl-SI&FORM=MIC2G5 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1016\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3 FF - prefs.js..extensions.enabledItems: 
{88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 18:33:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/15 02:05:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/15 02:04:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 02:20:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/02/09 06:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Extensions [2012/06/21 07:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions [2012/06/21 07:15:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/06/21 07:15:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents 
and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2010/07/28 14:29:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com [2012/06/21 07:15:26 | 000,000,000 | ---D | M] ("MyPlayCity Toolbar") -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com [2012/05/18 01:34:25 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\zigboom@ymail.com [2012/05/12 16:05:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-1.xml [2011/06/23 11:48:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-10.xml [2011/08/19 01:18:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-11.xml [2011/08/31 14:29:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-12.xml [2011/09/07 03:02:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-13.xml [2011/09/19 13:20:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-14.xml [2011/10/01 00:22:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-15.xml [2011/10/14 09:47:05 | 000,000,950 | ---- | M] () -- C:\Documents and 
Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-16.xml
[2011/11/08 05:41:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-17.xml
[2011/11/08 13:33:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-18.xml
[2011/11/09 11:45:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-19.xml
[2011/03/05 02:28:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-2.xml
[2011/12/06 07:58:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-20.xml
[2012/01/29 04:17:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-21.xml
[2012/02/02 08:05:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-22.xml
[2012/02/13 11:35:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-23.xml
[2012/02/19 05:57:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-24.xml
[2012/02/21 02:19:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-25.xml
[2011/03/24 12:41:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-3.xml
[2011/04/29 09:07:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-4.xml
[2011/05/01 03:24:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-5.xml
[2011/05/01 11:23:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-6.xml
[2011/05/05 15:12:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-7.xml
[2011/05/10 01:00:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-8.xml
[2011/06/22 02:21:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-9.xml
[2011/02/24 21:07:13 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin.xml
[2012/06/21 07:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 14:29:28 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012/06/15 02:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/04/15 02:05:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/09/15 12:09:09 | 000,035,641 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SILVO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KEUDRCDB.DEFAULT\EXTENSIONS\TINYURL.ADDON@FAST-CHAT.CO.UK.XPI
[2012/06/15 02:19:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/19 05:56:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/13 10:02:10 | 000,035,840 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/01 00:19:22 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
[2011/10/01 00:19:22 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
[2011/10/01 00:19:22 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
[2011/11/09 05:52:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/10/01 00:19:22 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.com/?d=4e0383cf&v=7.5.30.4&i=26&tp=ggl-chrome&q={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Iskanje Google = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/21 08:22:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [bDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1003..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1016..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: AFEC-CEAB = C:\Documents and Settings\Silvo\Application Data\Seven.exe
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Silvo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Silvo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 06:16:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/21 06:16:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/21 06:16:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/21 06:16:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/21 06:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 06:08:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Silvo\Recent
[2012/06/21 05:52:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/21 05:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/21 03:57:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/20 14:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\vlc
[2012/06/20 14:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/06/20 09:45:33 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2012/06/20 03:15:28 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2012/06/20 03:15:26 | 009,709,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2012/06/20 03:15:26 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/06/20 03:15:26 | 000,299,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2012/06/20 03:15:26 | 000,282,624 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2012/06/20 03:15:26 | 000,086,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2012/06/20 03:15:25 | 002,157,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2012/06/20 03:15:23 | 004,485,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2012/06/20 03:15:23 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2012/06/20 03:15:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2012/06/20 03:15:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2012/06/20 03:15:21 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2012/06/20 03:15:20 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2012/06/20 03:15:20 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2012/06/19 01:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Desktop\RK_Quarantine
[2012/06/18 09:32:01 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2012/06/18 09:32:01 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2012/06/18 09:32:01 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2012/06/18 09:32:01 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2012/06/18 09:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic
[2012/06/18 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2012/06/18 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/18 02:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/18 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Local Settings\Application Data\Opera
[2012/06/18 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Opera
[2012/06/18 02:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/06/18 01:13:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Silvo\Start Menu\Programs\Administrative Tools
[2012/06/17 15:45:24 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2012/06/17 15:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Local Settings\Application Data\eSupport.com
[2012/06/17 14:44:55 | 000,000,000 | ---D | C] -- C:\Rbackup
[2012/06/17 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/06/15 03:36:04 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/06/15 03:36:03 | 000,360,976 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/06/15 03:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/15 03:03:38 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/06/15 03:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/06/15 03:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Bitdefender
[2012/06/15 03:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\QuickScan
[2012/06/15 02:20:02 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/15 02:20:02 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/15 02:20:02 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/15 02:20:02 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/15 02:20:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/15 02:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/13 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/05/23 12:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Mumble
[2012/05/23 12:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
[2012/05/23 12:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011/11/21 14:27:38 | 086,405,736 | ---- | C] (K2 Network, Inc.) -- C:\Program Files\APB_Reloaded_Installer.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 09:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/21 09:03:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\MBR.dat
[2012/06/21 08:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 08:22:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/21 08:22:25 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
[2012/06/21 08:22:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
[2012/06/21 08:22:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
[2012/06/21 08:22:25 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RMAutoUpdate.job
[2012/06/21 08:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 07:21:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 05:52:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/06/21 04:11:54 | 003,587,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/21 04:11:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
[2012/06/21 04:11:48 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/06/21 04:02:34 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\disk.sys
[2012/06/21 03:09:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/20 14:00:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/06/20 13:57:21 | 022,259,528 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\vlc-2.0.1-win32.exe
[2012/06/20 13:48:58 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/19 01:47:00 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/18 09:32:02 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk
[2012/06/18 09:23:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/18 02:15:59 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/06/18 02:15:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/06/17 15:45:24 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2012/06/17 14:41:36 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/06/16 21:38:47 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012/06/15 03:36:04 | 000,340,624 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/06/15 03:36:03 | 000,360,976 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/06/15 03:03:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/15 03:03:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/15 03:03:15 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Plus 2012.lnk
[2012/06/15 02:19:52 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/15 02:19:52 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/15 02:19:52 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/15 02:19:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/15 02:19:51 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/15 02:19:51 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/06/14 11:59:33 | 000,057,108 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\Bambuk.jpg
[2012/06/14 10:42:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/14 06:55:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/14 06:55:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/12 03:33:49 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/06/09 09:29:12 | 000,553,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/09 09:29:12 | 000,107,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/09 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
[2012/06/08 17:46:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/03 08:43:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
[2012/05/30 06:30:01 | 000,308,142 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\123.bmp
[2012/05/25 06:12:36 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/25 06:12:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/25 06:09:16 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/23 12:47:12 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/05/23 12:44:59 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 09:03:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\MBR.dat
[2012/06/21 06:16:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/21 06:16:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/21 06:16:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/21 06:16:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/21 06:16:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/21 05:52:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012/06/21 05:52:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/20 14:00:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/06/20 13:57:11 | 022,259,528 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\vlc-2.0.1-win32.exe
[2012/06/19 01:47:00 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/18 09:32:24 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RMAutoUpdate.job
[2012/06/18 09:32:13 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/06/18 09:32:02 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk
[2012/06/18 09:32:01 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/06/18 02:15:59 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/06/18 02:15:59 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/06/18 02:15:59 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/06/17 14:41:36 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/06/15 03:03:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/15 03:03:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/15 03:03:15 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Plus 2012.lnk
[2012/06/14 11:59:22 | 000,057,108 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\Bambuk.jpg
[2012/05/30 06:30:01 | 000,308,142 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\123.bmp
[2012/05/23 12:47:12 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/05/23 12:41:26 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2012/03/31 09:45:09 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/10 02:12:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/10 02:12:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/03/10 02:12:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/03/10 02:11:56 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/14 03:58:59 | 001,844,091 | ---- | C] () -- C:\Documents and Settings\Silvo\Application Data\1
[2012/01/12 14:03:18 | 000,180,539 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1
[2011/12/28 09:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2011/11/21 14:27:38 | 3830,088,838 | ---- | C] () -- C:\Program Files\Client1.5.3.569583.7z
[2011/11/16 10:33:56 | 000,000,512 | ---- | C] () -- C:\WINDOWS\unlss.ini
[2010/09/18 13:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2010/09/14 11:21:09 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/06/25 11:56:43 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/03/13 14:44:21 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/09/21 08:45:21 | 000,040,448 | ---- | M] () -- C:\Accountlist Yonichi + Takehito 14-09-2011.doc
[2012/06/21 08:20:38 | 000,006,894 | ---- | M] () -- C:\bdlog.txt [2012/06/16 21:38:47 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012/06/21 05:52:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2012/06/21 08:31:03 | 000,030,648 | ---- | M] () -- C:\ComboFix.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/06 23:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/06 23:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2012/03/24 08:45:20 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC001.sys [2012/03/19 01:19:44 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC002.sys [2012/03/24 08:45:49 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC003.sys [2012/03/19 01:20:03 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC004.sys [2012/03/24 08:47:39 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC005.sys [2012/03/20 09:54:50 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC007.sys [2012/03/24 08:51:51 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC009.sys [2012/03/29 01:53:35 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC011.sys [2007/11/06 23:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010/02/24 13:26:06 | 000,001,459 | ---- | M] () -- C:\hpfr5100.log [2010/07/06 01:44:34 | 000,497,640 | ---- | M] () -- C:\img083.jpg [2007/11/06 23:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/06 23:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- 
C:\install.res.1028.dll [2007/11/06 23:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/06 23:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/06 23:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/06 23:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/06 23:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/06 23:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/06 23:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/06 23:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2008/08/04 05:07:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/08/04 05:07:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/03 14:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/08/04 06:47:34 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/06/21 08:21:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2008/08/07 10:10:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2008/08/07 23:47:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2008/09/05 05:16:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2008/09/19 12:13:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/12/14 09:36:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/12/16 06:53:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/12/18 11:30:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/08/07 10:10:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2008/08/07 23:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2008/09/05 05:16:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/09/19 12:13:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/12/14 09:36:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/12/16 
06:53:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/12/18 11:30:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2012/06/21 03:58:50 | 000,112,304 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_03.55.37_log.txt [2007/11/06 23:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/06 23:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/06 23:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2012/01/23 12:14:04 | 000,000,162 | -H-- | M] () -- C:\~$Codes.docx < %USERPROFILE%\*.* > [2010/10/24 02:41:28 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Silvo\logging.txt [2012/06/21 08:20:34 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Silvo\ntuser.dat [2012/06/21 09:06:33 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Silvo\ntuser.dat.LOG [2012/06/21 08:20:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Silvo\ntuser.ini [2010/07/21 01:32:17 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Silvo\SI.bin < %USERPROFILE%\Application Data\*.* > [2009/10/02 08:46:43 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\$_hpcst$.hpc [2012/03/07 07:33:05 | 001,844,091 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\1 [2010/08/04 07:27:56 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\default.rss [2008/08/04 06:55:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Silvo\Application Data\desktop.ini [2012/03/07 15:30:50 | 000,138,904 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\PnkBstrK.sys [2010/03/15 05:26:41 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\setup.log [2010/03/15 05:26:11 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\setup_ldm.iss < %USERPROFILE%\Local Settings\Application Data\*.* > [2012/03/07 14:51:16 | 000,004,016 | ---- | M] () -- C:\Documents and Settings\Silvo\Local 
Settings\Application Data\6B607932-2F07-F673-54B8-E601F1D551B2.txt [2012/06/20 13:48:58 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/20 10:26:47 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\fusioncache.dat [2012/06/21 04:13:37 | 000,074,680 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2012/06/18 01:24:43 | 005,654,906 | -H-- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\IconCache.db [2011/12/17 12:05:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\prvlcl.dat < %AllUsersProfile%\*.* > < %AllUsersProfile%\Application Data\*.* > [2008/08/04 06:55:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini < %USERPROFILE%\My Documents\*.* > [2008/09/21 12:34:51 | 000,203,344 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\0921213451Analog TV3.jpg [2010/05/28 10:59:48 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_1d 3248d.dat [2009/11/20 01:38:24 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_394ada30.dat [2012/04/12 11:06:04 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_c1b89fb0.dat [2010/05/03 13:27:03 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_d9d4b6e9.dat [2009/11/08 10:42:35 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\blabla.bat [2011/08/22 08:16:41 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Silvo\My Documents\Default.rdp [2009/12/02 05:20:16 | 000,000,076 | -HS- | M] () -- C:\Documents and Settings\Silvo\My Documents\desktop.ini [2011/10/31 15:17:33 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Silvo\My 
Documents\GFWLIVESetupLog.txt [2011/10/31 15:17:32 | 000,004,586 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\GFWLIVESetupLogVerbose.txt [2011/01/27 12:40:56 | 000,460,506 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Image.jpg [2010/11/11 14:03:05 | 000,005,887 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\misc338.gif [2009/01/08 06:01:25 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Moje mape za izmenjevanje.lnk [2012/03/08 11:27:55 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\mt-e_hook.txt [2012/03/08 11:27:55 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\mt-x_hook.txt [2012/05/23 12:47:12 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12 [2009/07/06 14:24:45 | 000,001,175 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\nejc_50@hotmail.com Arhiv map v skupni rabi.lnk [2008/10/17 07:54:57 | 000,006,144 | -H-- | M] () -- C:\Documents and Settings\Silvo\My Documents\photothumb.db [2010/04/26 09:16:19 | 842,328,696 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20091029.bin [2010/04/26 09:07:57 | 018,169,360 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20091029.exe [2010/04/04 11:35:32 | 1748,348,690 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin [2010/04/04 11:35:32 | 1679,764,859 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin2 [2010/04/04 11:35:28 | 1674,701,606 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin3 [2010/04/04 11:32:34 | 021,656,176 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.exe [2011/02/11 10:15:56 | 000,015,360 | -HS- | M] () -- C:\Documents and 
Settings\Silvo\My Documents\Thumbs.db [2011/02/16 04:14:38 | 000,209,067 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\ts3_clientui-win32-12815-2011-02-16 12_14_33.015625.dmp [2011/04/23 13:33:43 | 000,218,339 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\ts3_clientui-win32-12815-2011-04-23 22_33_41.755625.dmp [2009/10/27 23:10:03 | 000,009,509 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Uninstall Mass Effect.log [2010/01/07 08:10:38 | 000,014,825 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Vloga.docx [2011/05/12 03:36:38 | 109,212,672 | ---- | M] (VMware, Inc.) -- C:\Documents and Settings\Silvo\My Documents\VMware-player-3.1.4-385536.exe [2008/09/21 09:31:57 | 000,010,948 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Zapisnik razredne ure 19.9.2008.docx [2008/08/11 05:48:53 | 000,015,803 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\zgodla.docx < End of report >
  10. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
      Run date: 2012-06-21 08:57:14
      -----------------------------
      08:57:14.875 OS Version: Windows 5.1.2600 Service Pack 3
      08:57:14.875 Number of processors: 2 586 0x1706
      08:57:14.875 ComputerName: SILVO1 UserName: Silvo
      08:57:22.546 Initialize success
      09:01:45.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
      09:01:45.890 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01109 Size: 476940MB BusType: 3
      09:01:45.890 Disk 0 MBR read successfully
      09:01:45.890 Disk 0 MBR scan
      09:01:45.890 Disk 0 Windows XP default MBR code
      09:01:45.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
      09:01:45.890 Disk 0 scanning sectors +976752000
      09:01:45.968 Disk 0 scanning C:\WINDOWS\system32\drivers
      09:01:53.515 Service scanning
      09:02:07.281 Modules scanning
      09:02:12.078 Disk 0 trace - called modules:
      09:02:12.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
      09:02:12.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b03dab8]
      09:02:12.109 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000092[0x8b06e258]
      09:02:12.109 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8b045d98]
      09:02:12.109 Scan finished successfully
      09:03:23.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Silvo\Desktop\MBR.dat"
      09:03:23.250 The log file has been saved successfully to "C:\Documents and Settings\Silvo\Desktop\aswMBR.txt"
  11. It says it's recommended to download Avast. Should I?
  12. ComboFix 12-06-21.01 - Silvo 21/06/2012 8:16.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2657 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 
2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 
2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 
2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 
2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 15:22 . 2012-06-21 15:22 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat + 2008-08-04 12:12 . 2012-06-21 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 15:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA 
Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet 
Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] 
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] 
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] 
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 08:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2680) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\npkcmsvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\RunDLL32.exe c:\windows\RTHDCPL.EXE c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Completion time: 2012-06-21 08:31:03 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-21 15:30 ComboFix2.txt 2012-06-21 14:57 ComboFix3.txt 2012-06-21 14:40 ComboFix4.txt 2012-06-21 13:42 . Pre-Run: 115,620,388,864 bytes free Post-Run: 115,601,391,616 prosto bajtov . - - End Of File - - 685CCFC30CF4EA22AA414C870FE2CD89
  13. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33 Run by Silvo at 8:06:19 on 2012-06-21 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2498 [GMT -7:00] . AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . ============== Running Processes =============== . C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\npkcmsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\WINDOWS\system32\PnkBstrA.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program 
Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = about:blank uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java 
Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [skyTel] SkyTel.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] 
c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe" mRun: [RTHDCPL] RTHDCPL.EXE dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344] S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework 
NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] 
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?] 
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472] . =============== Created Last 30 ================ . 
2012-06-21 13:16:14 98816 ----a-w- c:\windows\sed.exe 2012-06-21 13:16:14 518144 ----a-w- c:\windows\SWREG.exe 2012-06-21 13:16:14 256000 ----a-w- c:\windows\PEV.exe 2012-06-21 13:16:14 208896 ----a-w- c:\windows\MBR.exe 2012-06-21 12:52:27 -------- d-sha-r- C:\cmdcons 2012-06-21 10:57:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools 2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera 2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com 2012-06-17 21:44:55 -------- d-----w- C:\Rbackup 2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging 2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender 2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan 2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 
09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble 2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble . ==================== Find3M ==================== . 2012-06-21 11:02:34 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53:35 72136 ----a-w- 
C:\GEMC011.sys 2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe . ============= FINISH: 8:06:36.78 ===============
  14. ComboFix 12-06-21.01 - Silvo 21/06/2012 7:49.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2658 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . FILE :: "c:\documents and settings\Silvo\Application Data\Seven.exe" . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 
2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 
2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 
2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 
2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 14:34 . 2012-06-21 14:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat + 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA 
Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet 
Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] 
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] 
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] 
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 07:55 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2268) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-06-21 07:57:19 ComboFix-quarantined-files.txt 2012-06-21 14:57 ComboFix2.txt 2012-06-21 14:40 ComboFix3.txt 2012-06-21 13:42 . Pre-Run: 115,633,319,936 bytes free Post-Run: 115,609,436,160 prosto bajtov . - - End Of File - - BE4CFDBCBCAFB3296E9CE3054A09A88B
  15. ComboFix 12-06-21.01 - Silvo 21/06/2012 7:24.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2653 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . FILE :: "c:\documents and settings\silvo\local settings\Temp\DAT9A2.tmp.exe" "c:\windows\system\178918.exe" "c:\windows\system32\drivers\pavproc.sys" "c:\windows\system32\DRIVERS\ShlDrv51.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar\cache.dat c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar\config.xml . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_17891 -------\Legacy_AVG_SECURITY_TOOLBAR_SERVICE -------\Legacy_JAKFCSWX -------\Legacy_PAVPROC -------\Legacy_PAVPRSRV -------\Legacy_SHLDDRV -------\Service_17891 -------\Service_AVG Security Toolbar Service -------\Service_jakfcswx -------\Service_PavProc -------\Service_PavPrSrv -------\Service_ShldDrv . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 
2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera
2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera
2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup
2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender
2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender
2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan
2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java
2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble
2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 14:34 . 2012-06-21 14:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU]
.
c:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\tera fake\\TERA-Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"56799:TCP"= 56799:TCP:Pando Media Booster
"56799:UDP"= 56799:UDP:Pando Media Booster
"21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009
"56191:TCP"= 56191:TCP:Pando Media Booster
"56191:UDP"= 56191:UDP:Pando Media Booster
"57819:TCP"= 57819:TCP:Pando Media Booster
"57819:UDP"= 57819:UDP:Pando Media Booster
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55]
.
2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08]
.
2012-06-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 07:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50,
 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\
"??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5,
 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\
"rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\NVRSENG.DLL
c:\windows\system32\nvapi.dll
c:\windows\system32\nvshell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Epson Software\Easy Photo Print\EPTBL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2012-06-21 07:40:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 14:40
ComboFix2.txt 2012-06-21 13:42
.
Pre-Run: 115,635,351,552 bytes free
Post-Run: 115,616,382,976 prosto bajtov
.
- - End Of File - - 8ED716934614853E067210330D70CAF3