Jump to content

Abbey

Honorary Members
 View Profile  See their activity

  • Posts

    22

  • Joined

  • Last visited

 Content Type 

Everything posted by Abbey

  1. Abbey
    Ok. I just want to thank you again. You are freaking amazing!
  2. Abbey
    My computer is runing great now. Inside C:\Qoobox\Quarantine there are 2 folders: Registry_backups and C wich is empty.
  3. Abbey
    ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=505332834e52e241990eb287990bfbc6 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-22 12:41:13 # local_time=2012-06-21 05:41:13 (-0800, Pacific Daylight Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 121535983 121535983 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=206542 # found=6 # cleaned=6 # scan_time=8870 C:\Documents and Settings\Silvo\Desktop\USE\MsgPlusLive-470.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Silvo\My Documents\Downloads\Iron_Sky_2012_DVDRiP_XViD-PSiG.exe Win32/Adware.1ClickDownload.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Silvo\My Documents\Downloads\The.Mentalist.S04E22.HDTV.exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Silvo\My Documents\Prenosi\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Silvo\My Documents\Prenosi\waterscenes.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{5B41B8E3-4872-4858-BE5E-54AB66E304D9}\RP3\A0000843.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  4. Abbey
    BackEnv folder wich is inside the Qoobox is protected so I gues Ill skip that.
  5. Abbey
    Ok. Will do. Thank you sooo much for your help. All the problems are gone and my computer hasn't worked this fast since bought it.
  6. Abbey
    ComboFix 12-06-21.01 - Silvo 21/06/2012 10:06:57.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2484 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 16:40 . 2012-06-21 16:40 -------- d-----w- C:\_OTL 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - ORPHANS REMOVED - - - - . HKLM-Explorer_Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 10:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1908) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-06-21 10:25:10 ComboFix-quarantined-files.txt 2012-06-21 17:25 ComboFix2.txt 2012-06-21 15:31 . Pre-Run: 116,157,849,600 bytes free Post-Run: 116,137,689,088 bytes free . - - End Of File - - 9CF44EE04D3D5C15D6F181971D1D6A25
  7. Abbey
    I clicked Run Scan at first by mistake. I hope this didn't ruin something. But here are the results: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}\ not found. Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found. Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 removed from extensions.enabledItems Prefs.js: avg@igeared:6.103.018.001 removed from extensions.enabledItems Prefs.js: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 removed from extensions.enabledItems Prefs.js: ffxtlbr@Facemoods.com:1.1.0 removed from extensions.enabledItems Prefs.js: engine@conduit.com:3.2.3.3 removed from extensions.enabledItems Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3 removed from extensions.enabledItems File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\preferences scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\images scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\components scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\chrome scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\searchplugins scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\logs scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults\preferences scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\datastore scheduled to be moved on reboot. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-12-Oct-2011-21-45-18-GMT folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-12-41-51-GMT folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-09-49-05-GMT folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-21-Jun-2012-14-15-26-GMT folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\skin scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\content scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot. Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com scheduled to be moved on reboot. Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults\preferences scheduled to be moved on reboot. Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults scheduled to be moved on reboot. Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome scheduled to be moved on reboot. Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} scheduled to be moved on reboot. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Registry value HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. C:\Documents and Settings\Silvo\Application Data\1 moved successfully. C:\Documents and Settings\NetworkService\Application Data\1 moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Temp folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41661 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1425475 bytes ->Flash cache emptied: 877 bytes User: Maja ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 214461 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 1259610 bytes ->Google Chrome cache emptied: 11734036 bytes ->Flash cache emptied: 2954 bytes User: Nadja ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 192579 bytes ->Java cache emptied: 11830 bytes ->FireFox cache emptied: 149999401 bytes ->Google Chrome cache emptied: 9221883 bytes ->Flash cache emptied: 2119 bytes User: NetworkService ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 540806 bytes ->Flash cache emptied: 706 bytes User: Silvo ->Temp folder emptied: 46063 bytes ->Temporary Internet Files folder emptied: 647873 bytes ->Java cache emptied: 5462419 bytes ->FireFox cache emptied: 73143583 bytes ->Google Chrome cache emptied: 41407262 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 10252 bytes User: Silvo_2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 138543 bytes ->FireFox cache emptied: 98156649 bytes ->Flash cache emptied: 3351 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes ->Flash cache emptied: 41661 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2518635 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 378.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.50.0 log created on 06212012_094055 Files\Folders moved on Reboot... C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\logs folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\datastore folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults\preferences folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} folder moved successfully. File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_888.dat not found! File\Folder C:\WINDOWS\temp\~bd14C.tmp not found! Registry entries deleted on Reboot...
  8. Abbey
    OTL Extras logfile created on: 21/06/2012 09:05:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Silvo\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: Združeno kraljestvo | Language: ENG | Date Format: dd/MM/yyyy 3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.80% Memory free 5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.17% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 107.68 Gb Free Space | 23.12% Space Free | Partition Type: NTFS Computer Name: SILVO1 | User Name: Silvo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "57769:TCP" = 57769:TCP:*:Enabled:Pando Media Booster "57769:UDP" = 57769:UDP:*:Enabled:Pando Media Booster "57495:TCP" = 57495:TCP:*:Enabled:Pando Media Booster "57495:UDP" = 57495:UDP:*:Enabled:Pando Media Booster "56799:TCP" = 56799:TCP:*:Enabled:Pando Media Booster "56799:UDP" = 56799:UDP:*:Enabled:Pando Media Booster "21688:TCP" = 21688:TCP:*:Enabled:@xpsp2res.dll,-22009 "80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009 "56191:TCP" = 56191:TCP:*:Enabled:Pando Media Booster "56191:UDP" = 56191:UDP:*:Enabled:Pando Media Booster "57819:TCP" = 57819:TCP:*:Enabled:Pando Media Booster "57819:UDP" = 57819:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "57769:TCP" = 57769:TCP:*:Enabled:Pando Media Booster "57769:UDP" = 57769:UDP:*:Enabled:Pando Media Booster "57495:TCP" = 57495:TCP:*:Enabled:Pando Media Booster "57495:UDP" = 57495:UDP:*:Enabled:Pando Media Booster "56799:TCP" = 56799:TCP:*:Enabled:Pando Media Booster "56799:UDP" = 56799:UDP:*:Enabled:Pando Media Booster "21688:TCP" = 21688:TCP:*:Enabled:@xpsp2res.dll,-22009 "56191:TCP" = 56191:TCP:*:Enabled:Pando Media Booster "56191:UDP" = 56191:UDP:*:Enabled:Pando Media Booster "57819:TCP" = 57819:TCP:*:Enabled:Pando Media Booster "57819:UDP" = 57819:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe" = C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- () "C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\Microsoft Games\Halo 2\halo2.exe" = C:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2 -- (Microsoft Corporation) "C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) "C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe:*:Enabled:APB Reloaded -- (K2 Network, Inc.) "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- () "C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.) "C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.) "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\tera fake\TERA-Launcher.exe" = C:\Program Files\tera fake\TERA-Launcher.exe:*:Enabled:TERA -- (Solid State Networks) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1C9FE8CC-2578-41E6-AB28-3B927B055224}" = Windows Live - Pomocnik za vpis "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Orodje za prenos storitve Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5 "{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C867F60-267A-11D4-BF03-0080C84D9C69}" = WinFox Setup "{3CB519B3-1475-4D45-B0D5-9405A2C8F704}" = Pošta Windows Live "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Zemlja "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51EAF221-C37C-43B2-A1AE-2885610AD7D7}" = Aion "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1 "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Mass Storage Toolbox "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{6CAFFBCE-FC5B-41D5-ACC6-1F02E521C4D5}" = Windows Live Messenger "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93FC6253-D5BA-4569-94B7-A087934A49D7}" = Pocket Theme Organizer "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA nadzorna plošča 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafični gonilnik 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA Programa nView 136.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Sistemske opreme PhysX 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA posodobitve 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU "{B354FB16-3027-47AF-AF3F-7AD1209B886E}" = globaldk "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3 "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite "{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EBC92729-E677-415C-8A60-CEF034B33E49}" = Windows Live Essentials "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast® Display Driver "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{faf0b65c-072b-4f7e-bd05-6a56f28d4233}" = Wallery "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "AC3Filter" = AC3Filter (remove only) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVerMedia M135-Series PCI TV Tuner" = AVerMedia M135-Series PCI TV Tuner 3.5.0.65 "AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62 "Bitdefender" = Bitdefender Antivirus Plus 2012 "Born To Be Big_is1" = Born To Be Big "BSPlayerf" = BS.Player FREE powered by AdVantage "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Cheat Engine 5.6_is1" = Cheat Engine 5.6 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX Setup "DriverAgent.exe" = DriverAgent by eSupport.com "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Navodila za uporabo" = Epson Stylus SX210_SX410_TX210_TX410 Priročnik "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall "GamersFirst LIVE!" = GamersFirst LIVE! "GamersFirst Sword 2" = Sword 2 "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Granado Espada_is1" = Granado Espada "Halo 2" = Halo 2 for Windows Vista "hp print screen utility" = hp print screen utility "HWiNFO32_is1" = HWiNFO32 Version 3.62 "ie8" = Windows Internet Explorer 8 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV "Macro Wizard 4.1_is1" = Macro Wizard 4.1 "Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272) "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "MagicDisc 2.7.105" = MagicDisc 2.7.105 "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.9.0 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU "Minecraft Beta Cracked" = Minecraft Beta Cracked "Mozilla Firefox 10.0.2 (x86 sl)" = Mozilla Firefox 10.0.2 (x86 sl) "Neffy" = Neffy 1,2,0,22 "Nero - Burning Rom" = Nero - Burning Rom "npkcxp" = nProtect KeyCrypt "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Opera 12.00.1467" = Opera 12.00 "PhotoScape" = PhotoScape "RealPlayer 15.0" = RealPlayer "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sanctum © Coffee Stain Studios_is1" = Sanctum © Coffee Stain Studios version 1 "Steam App 113400" = APB Reloaded "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "Tweak UI 2.10" = Tweak UI "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 2.0.1 "VMware_Player" = VMware Player "vsfilter_is1" = DirectVobSub 2.40.4209 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Xfire" = Xfire (remove only) "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NCsoft-Aion" = Aion (North America) "NCsoft-AionEU" = Aion (Europe) "sc09-SLO_ZURNAL_MAIN" = Ski Challenge 2009 (zurnal24.si) "TeamSpeak 3 Client" = TeamSpeak 3 Client "Techno Design IP Notify" = LiveSearch Notification Tool ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18/06/2012 00:12:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [11096]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 00:26:07 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [3184]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 01:49:29 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [4784]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 04:28:02 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [6164]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 04:28:02 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [6164]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 18/06/2012 06:53:21 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [1940]. Just-In-Time debugging this exception failed with the following error: Napaka pri klicu oddaljene procedure. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 20/06/2012 05:05:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [2628]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 20/06/2012 07:26:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [1856]. Just-In-Time debugging this exception failed with the following error: Napaka pri klicu oddaljene procedure. Check the documentation index for 'Just-in-time debugging, errors' for more information. Error - 21/06/2012 03:49:06 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = Failed to load user32.dll into the vsjitdebugger.exe process. Error - 21/06/2012 03:49:36 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096 Description = An unhandled win32 exception occurred in svchost.exe [8000]. Just-In-Time debugging this exception failed with the following error: Izvajanje strežnika ni uspelo Check the documentation index for 'Just-in-time debugging, errors' for more information. [ OSession Events ] Error - 28/08/2009 08:25:37 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 28/08/2009 08:25:43 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 28/08/2009 08:25:46 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = NVIDIA Driver Helper Service storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = PC Tools Startup and Shutdown Monitor service storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = Java Quick Starter storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = SQL Server (SQLEXPRESS) storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = Print Spooler storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = Application Layer Gateway Service storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034 Description = NVIDIA Update Service Daemon storitev se je nepričakovano prekinila. To je storila 1 krat. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7031 Description = SQL Server Browser storitev se je nepričakovano prekinila. To je storila že 1 krat. Ta popravljalna dejanja bodo izvedena v 60000 milisekundah: Ponovni zagon storitve. Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7031 Description = SAS Core Service storitev se je nepričakovano prekinila. To je storila že 1 krat. Ta popravljalna dejanja bodo izvedena v 1000 milisekundah: Ponovni zagon storitve. Error - 21/06/2012 11:23:38 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7009 Description = Časovna omejitev (30000 milisekund) pri čakanju, da storitev CardBusService vzpostavi povezavo. < End of report >
  9. Abbey
    OTL logfile created on: 21/06/2012 09:05:38 - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Silvo\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: Združeno kraljestvo | Language: ENG | Date Format: dd/MM/yyyy 3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.80% Memory free 5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.17% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 107.68 Gb Free Space | 23.12% Space Free | Partition Type: NTFS Computer Name: SILVO1 | User Name: Silvo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/21 09:03:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silvo\My Documents\Downloads\OTL.exe PRC - [2012/05/15 03:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2012/04/15 02:05:18 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe PRC - [2012/04/04 06:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/23 16:38:58 | 001,553,392 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\vsserv.exe PRC - [2012/03/22 14:32:12 | 001,183,616 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\bdagent.exe PRC - [2012/03/13 18:24:14 | 000,053,224 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\updatesrv.exe PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2009/07/20 04:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 04:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009/06/28 06:50:19 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe PRC - [2008/09/30 04:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/07/22 23:54:14 | 000,618,496 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe PRC - [2007/07/11 06:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2007/06/12 23:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2007/03/15 18:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe ========== Modules (No Company Name) ========== MOD - [2012/06/15 03:36:02 | 000,139,480 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnc.dll MOD - [2012/03/29 19:58:34 | 000,573,904 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\Bitdefender Threat Scanner\bdsmartdb.dll MOD - [2012/03/28 00:07:08 | 000,107,520 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\UI\popup.ui MOD - [2012/03/28 00:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\UI\imsecurityal.ui MOD - [2012/03/28 00:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\UI\accessl.ui MOD - [2012/03/22 12:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpf.mdl MOD - [2012/03/22 12:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpph.mdl MOD - [2012/03/22 12:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\asimf.mdl MOD - [2012/03/22 12:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttprbl.mdl MOD - [2012/03/22 12:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpbr.mdl MOD - [2012/03/22 12:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpdsp.mdl MOD - [2012/03/22 12:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\asimdsp.mdl MOD - [2012/03/22 12:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\asimbr.mdl MOD - [2012/03/12 15:14:58 | 000,270,536 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\avc3al.dll MOD - [2012/02/09 13:49:02 | 000,092,328 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\bdmetrics.dll MOD - [2012/01/31 16:45:16 | 001,226,400 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll MOD - [2012/01/23 20:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\procinfo.dll MOD - [2012/01/23 20:20:54 | 000,139,208 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\popup.dll MOD - [2012/01/23 20:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\bdmltusrsrv.dll MOD - [2012/01/23 20:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\connector.dll MOD - [2012/01/23 20:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\excludemgr.dll MOD - [2012/01/23 20:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\framework.dll MOD - [2012/01/06 16:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\strdecoder.dll MOD - [2012/01/06 16:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\txmlutil.dll MOD - [2011/10/27 15:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2011/05/19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_09430_073\avxdisk.dll MOD - [2009/07/20 04:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2007/07/22 23:54:14 | 000,618,496 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe MOD - [2007/07/22 23:40:30 | 000,053,248 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\Dll\MsgLog.dll MOD - [2007/06/12 23:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe MOD - [2007/05/22 23:23:34 | 004,591,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll MOD - [2007/05/22 06:44:50 | 000,023,552 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll MOD - [2006/03/09 09:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe /service -- (LIVESRV) SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\hpdj.exe -- (hpdj) SRV - [2012/06/14 06:55:22 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/15 03:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2012/04/04 14:08:37 | 000,356,984 | ---- | M] (BitDefender) [Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\Bitdefender Threat Scanner\scan.dll -- (scan) SRV - [2012/04/04 06:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/23 16:38:58 | 001,553,392 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV) SRV - [2012/03/13 18:24:14 | 000,053,224 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV) SRV - [2011/10/14 23:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server) SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2010/09/06 10:56:38 | 000,247,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/06/20 08:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc) SRV - [2010/02/19 04:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/07/20 04:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/06/28 06:50:19 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc) SRV - [2009/01/08 00:42:54 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008/09/30 04:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2007/11/06 23:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90) SRV - [2007/09/04 10:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2007/04/22 10:15:50 | 000,188,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe -- (CardBusService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva394.sys -- (XDva394) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva393.sys -- (XDva393) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva389.sys -- (XDva389) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva351.sys -- (XDva351) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva288.sys -- (XDva288) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva279.sys -- (XDva279) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva275.sys -- (XDva275) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva190.sys -- (XDva190) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter) DRV - File not found [Kernel | Boot | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTLWUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bdfndisf.sys -- (Bdfndisf) DRV - File not found [File_System | On_Demand | Stopped] -- system32\drivers\bdfm.sys -- (bdfm) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/06/21 04:02:34 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk) DRV - [2012/06/19 01:47:00 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight) DRV - [2012/06/17 15:45:24 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2012/06/15 03:36:03 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2012/04/04 06:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/29 01:53:35 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC011.sys -- (GEMC011) DRV - [2012/03/24 08:51:51 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC009.sys -- (GEMC009) DRV - [2012/03/24 08:47:39 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC005.sys -- (GEMC005) DRV - [2012/03/24 08:45:49 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC003.sys -- (GEMC003) DRV - [2012/03/24 08:45:20 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC001.sys -- (GEMC001) DRV - [2012/03/20 20:22:08 | 000,611,520 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3) DRV - [2012/03/20 09:54:50 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC007.sys -- (GEMC007) DRV - [2012/03/19 01:20:03 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC004.sys -- (GEMC004) DRV - [2012/03/19 01:19:44 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC002.sys -- (GEMC002) DRV - [2012/03/01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\BitDefender\Bitdefender 2012\bdselfpr.sys -- (BDSelfPr) DRV - [2012/02/17 16:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf) DRV - [2011/11/25 14:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv) DRV - [2011/11/17 17:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox) DRV - [2011/11/14 20:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2011/09/21 02:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/09/29 15:13:46 | 000,020,088 | ---- | M] (REALiX) [Kernel | Auto | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2010/09/14 11:21:09 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap) DRV - [2010/02/20 07:49:33 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK) DRV - [2009/12/30 02:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/12/18 03:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/04/15 04:53:20 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb) DRV - [2009/04/15 04:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt) DRV - [2009/01/08 00:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008/07/28 08:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/02/24 05:27:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001) DRV - [2008/02/22 06:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008/02/22 06:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008/02/22 06:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/09/04 10:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2007/06/19 00:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm) DRV - [2007/06/19 00:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) DRV - [2007/06/19 00:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) DRV - [2007/06/19 00:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex) DRV - [2007/06/19 00:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) DRV - [2007/06/19 00:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl) DRV - [2007/06/19 00:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM) DRV - [2007/05/21 01:42:46 | 001,180,672 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x) DRV - [2007/04/03 04:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007/04/03 04:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007/04/03 04:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2007/03/08 17:27:56 | 004,485,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes,DefaultScope = Bing IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}: "URL" = http://search.avg.com/route/?d=4e0383a6&v=7.5.30.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1142338 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{DB4131FF-29F0-4874-AA0B-D0A1910EEEE7}: "URL" = http://www.google.si/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz= IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{F5A9DC2B-3409-4DFC-A1EE-0114439EE65B}: "URL" = http://www.najdi.si/search.jsp?q={searchTerms}&foxsbar=ie IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\Bing: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=sl-SI&FORM=MIC2G5 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060284298-362288127-839522115-1016\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3 FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 18:33:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/15 02:05:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/15 02:04:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 02:20:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/02/09 06:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Extensions [2012/06/21 07:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions [2012/06/21 07:15:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/06/21 07:15:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2010/07/28 14:29:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com [2012/06/21 07:15:26 | 000,000,000 | ---D | M] ("MyPlayCity Toolbar") -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com [2012/05/18 01:34:25 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\zigboom@ymail.com [2012/05/12 16:05:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-1.xml [2011/06/23 11:48:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-10.xml [2011/08/19 01:18:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-11.xml [2011/08/31 14:29:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-12.xml [2011/09/07 03:02:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-13.xml [2011/09/19 13:20:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-14.xml [2011/10/01 00:22:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-15.xml [2011/10/14 09:47:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-16.xml [2011/11/08 05:41:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-17.xml [2011/11/08 13:33:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-18.xml [2011/11/09 11:45:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-19.xml [2011/03/05 02:28:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-2.xml [2011/12/06 07:58:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-20.xml [2012/01/29 04:17:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-21.xml [2012/02/02 08:05:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-22.xml [2012/02/13 11:35:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-23.xml [2012/02/19 05:57:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-24.xml [2012/02/21 02:19:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-25.xml [2011/03/24 12:41:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-3.xml [2011/04/29 09:07:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-4.xml [2011/05/01 03:24:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-5.xml [2011/05/01 11:23:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-6.xml [2011/05/05 15:12:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-7.xml [2011/05/10 01:00:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-8.xml [2011/06/22 02:21:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-9.xml [2011/02/24 21:07:13 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin.xml [2012/06/21 07:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/28 14:29:28 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} [2012/06/15 02:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/04/15 02:05:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011/09/15 12:09:09 | 000,035,641 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SILVO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KEUDRCDB.DEFAULT\EXTENSIONS\TINYURL.ADDON@FAST-CHAT.CO.UK.XPI [2012/06/15 02:19:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012/02/19 05:56:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008/08/13 10:02:10 | 000,035,840 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll [2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011/10/01 00:19:22 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml [2011/10/01 00:19:22 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml [2011/10/01 00:19:22 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml [2011/11/09 05:52:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2011/10/01 00:19:22 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://search.avg.com/?d=4e0383cf&v=7.5.30.4&i=26&tp=ggl-chrome&q={searchTerms} CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Iskanje Google = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/21 08:22:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found. O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1003..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1016..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: AFEC-CEAB = C:\Documents and Settings\Silvo\Application Data\Seven.exe O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 (WUWebControl Class) O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Silvo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Silvo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/21 06:16:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/06/21 06:16:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/06/21 06:16:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/06/21 06:16:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/06/21 06:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/21 06:08:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Silvo\Recent [2012/06/21 05:52:27 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/06/21 05:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/06/21 03:57:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/06/20 14:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\vlc [2012/06/20 14:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN [2012/06/20 09:45:33 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe [2012/06/20 03:15:28 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe [2012/06/20 03:15:26 | 009,709,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE [2012/06/20 03:15:26 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE [2012/06/20 03:15:26 | 000,299,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL [2012/06/20 03:15:26 | 000,282,624 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL [2012/06/20 03:15:26 | 000,086,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE [2012/06/20 03:15:25 | 002,157,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe [2012/06/20 03:15:23 | 004,485,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [2012/06/20 03:15:23 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2012/06/20 03:15:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys [2012/06/20 03:15:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll [2012/06/20 03:15:21 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax [2012/06/20 03:15:20 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys [2012/06/20 03:15:20 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2012/06/19 01:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Desktop\RK_Quarantine [2012/06/18 09:32:01 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx [2012/06/18 09:32:01 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx [2012/06/18 09:32:01 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX [2012/06/18 09:32:01 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx [2012/06/18 09:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic [2012/06/18 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic [2012/06/18 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012/06/18 02:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2012/06/18 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Local Settings\Application Data\Opera [2012/06/18 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Opera [2012/06/18 02:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012/06/18 01:13:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Silvo\Start Menu\Programs\Administrative Tools [2012/06/17 15:45:24 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys [2012/06/17 15:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Local Settings\Application Data\eSupport.com [2012/06/17 14:44:55 | 000,000,000 | ---D | C] -- C:\Rbackup [2012/06/17 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller [2012/06/15 03:36:04 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys [2012/06/15 03:36:03 | 000,360,976 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys [2012/06/15 03:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging [2012/06/15 03:03:38 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2012/06/15 03:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012 [2012/06/15 03:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Bitdefender [2012/06/15 03:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\QuickScan [2012/06/15 02:20:02 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/06/15 02:20:02 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/06/15 02:20:02 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/06/15 02:20:02 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/06/15 02:20:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012/06/15 02:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/13 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2012/05/23 12:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Mumble [2012/05/23 12:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble [2012/05/23 12:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble [2011/11/21 14:27:38 | 086,405,736 | ---- | C] (K2 Network, Inc.) -- C:\Program Files\APB_Reloaded_Installer.exe [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/21 09:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/06/21 09:03:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\MBR.dat [2012/06/21 08:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/21 08:22:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/06/21 08:22:25 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job [2012/06/21 08:22:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job [2012/06/21 08:22:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job [2012/06/21 08:22:25 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RMAutoUpdate.job [2012/06/21 08:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/21 07:21:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/06/21 05:52:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012/06/21 04:11:54 | 003,587,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/21 04:11:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job [2012/06/21 04:11:48 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/06/21 04:02:34 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\disk.sys [2012/06/21 03:09:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/06/20 14:00:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2012/06/20 13:57:21 | 022,259,528 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\vlc-2.0.1-win32.exe [2012/06/20 13:48:58 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/19 01:47:00 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2012/06/18 09:32:02 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk [2012/06/18 09:23:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2012/06/18 02:15:59 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2012/06/18 02:15:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk [2012/06/17 15:45:24 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys [2012/06/17 14:41:36 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie [2012/06/16 21:38:47 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012/06/15 03:36:04 | 000,340,624 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys [2012/06/15 03:36:03 | 000,360,976 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys [2012/06/15 03:03:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2012/06/15 03:03:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012/06/15 03:03:15 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Plus 2012.lnk [2012/06/15 02:19:52 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/06/15 02:19:52 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/06/15 02:19:52 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/06/15 02:19:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2012/06/15 02:19:51 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/06/15 02:19:51 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2012/06/14 11:59:33 | 000,057,108 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\Bambuk.jpg [2012/06/14 10:42:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/06/14 06:55:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/06/14 06:55:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/06/12 03:33:49 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2012/06/09 09:29:12 | 000,553,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/09 09:29:12 | 000,107,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/09 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job [2012/06/08 17:46:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/06/03 08:43:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job [2012/05/30 06:30:01 | 000,308,142 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\123.bmp [2012/05/25 06:12:36 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/05/25 06:12:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/05/25 06:09:16 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/05/23 12:47:12 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12 [2012/05/23 12:44:59 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/21 09:03:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\MBR.dat [2012/06/21 06:16:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/06/21 06:16:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/06/21 06:16:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/06/21 06:16:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/06/21 06:16:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/06/21 05:52:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012/06/21 05:52:28 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/06/20 14:00:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2012/06/20 13:57:11 | 022,259,528 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\vlc-2.0.1-win32.exe [2012/06/19 01:47:00 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys [2012/06/18 09:32:24 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RMAutoUpdate.job [2012/06/18 09:32:13 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job [2012/06/18 09:32:02 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk [2012/06/18 09:32:01 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe [2012/06/18 02:15:59 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2012/06/18 02:15:59 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk [2012/06/18 02:15:59 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk [2012/06/17 14:41:36 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie [2012/06/15 03:03:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2012/06/15 03:03:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012/06/15 03:03:15 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Plus 2012.lnk [2012/06/14 11:59:22 | 000,057,108 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\Bambuk.jpg [2012/05/30 06:30:01 | 000,308,142 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\123.bmp [2012/05/23 12:47:12 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12 [2012/05/23 12:41:26 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk [2012/03/31 09:45:09 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012/03/10 02:12:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/03/10 02:12:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/03/10 02:12:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/03/10 02:11:56 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/01/14 03:58:59 | 001,844,091 | ---- | C] () -- C:\Documents and Settings\Silvo\Application Data\1 [2012/01/12 14:03:18 | 000,180,539 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1 [2011/12/28 09:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat [2011/11/21 14:27:38 | 3830,088,838 | ---- | C] () -- C:\Program Files\Client1.5.3.569583.7z [2011/11/16 10:33:56 | 000,000,512 | ---- | C] () -- C:\WINDOWS\unlss.ini [2010/09/18 13:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll [2010/09/14 11:21:09 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys [2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010/06/25 11:56:43 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/03/13 14:44:21 | 000,001,024 | ---- | M] () -- C:\.rnd [2011/09/21 08:45:21 | 000,040,448 | ---- | M] () -- C:\Accountlist Yonichi + Takehito 14-09-2011.doc [2012/06/21 08:20:38 | 000,006,894 | ---- | M] () -- C:\bdlog.txt [2012/06/16 21:38:47 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2012/06/21 05:52:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2012/06/21 08:31:03 | 000,030,648 | ---- | M] () -- C:\ComboFix.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/06 23:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/06 23:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2012/03/24 08:45:20 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC001.sys [2012/03/19 01:19:44 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC002.sys [2012/03/24 08:45:49 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC003.sys [2012/03/19 01:20:03 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC004.sys [2012/03/24 08:47:39 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC005.sys [2012/03/20 09:54:50 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC007.sys [2012/03/24 08:51:51 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC009.sys [2012/03/29 01:53:35 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC011.sys [2007/11/06 23:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010/02/24 13:26:06 | 000,001,459 | ---- | M] () -- C:\hpfr5100.log [2010/07/06 01:44:34 | 000,497,640 | ---- | M] () -- C:\img083.jpg [2007/11/06 23:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/06 23:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/06 23:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/06 23:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/06 23:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/06 23:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/06 23:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/06 23:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/06 23:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/06 23:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2008/08/04 05:07:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/08/04 05:07:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/03 14:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/08/04 06:47:34 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/06/21 08:21:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2008/08/07 10:10:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2008/08/07 23:47:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm [2008/09/05 05:16:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2008/09/19 12:13:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/12/14 09:36:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/12/16 06:53:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/12/18 11:30:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/08/07 10:10:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm [2008/08/07 23:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2008/09/05 05:16:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/09/19 12:13:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/12/14 09:36:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/12/16 06:53:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/12/18 11:30:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2012/06/21 03:58:50 | 000,112,304 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_03.55.37_log.txt [2007/11/06 23:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/06 23:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/06 23:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2012/01/23 12:14:04 | 000,000,162 | -H-- | M] () -- C:\~$Codes.docx < %USERPROFILE%\*.* > [2010/10/24 02:41:28 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Silvo\logging.txt [2012/06/21 08:20:34 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Silvo\ntuser.dat [2012/06/21 09:06:33 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Silvo\ntuser.dat.LOG [2012/06/21 08:20:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Silvo\ntuser.ini [2010/07/21 01:32:17 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Silvo\SI.bin < %USERPROFILE%\Application Data\*.* > [2009/10/02 08:46:43 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\$_hpcst$.hpc [2012/03/07 07:33:05 | 001,844,091 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\1 [2010/08/04 07:27:56 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\default.rss [2008/08/04 06:55:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Silvo\Application Data\desktop.ini [2012/03/07 15:30:50 | 000,138,904 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\PnkBstrK.sys [2010/03/15 05:26:41 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\setup.log [2010/03/15 05:26:11 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\setup_ldm.iss < %USERPROFILE%\Local Settings\Application Data\*.* > [2012/03/07 14:51:16 | 000,004,016 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\6B607932-2F07-F673-54B8-E601F1D551B2.txt [2012/06/20 13:48:58 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/08/20 10:26:47 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\fusioncache.dat [2012/06/21 04:13:37 | 000,074,680 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2012/06/18 01:24:43 | 005,654,906 | -H-- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\IconCache.db [2011/12/17 12:05:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\prvlcl.dat < %AllUsersProfile%\*.* > < %AllUsersProfile%\Application Data\*.* > [2008/08/04 06:55:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini < %USERPROFILE%\My Documents\*.* > [2008/09/21 12:34:51 | 000,203,344 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\0921213451Analog TV3.jpg [2010/05/28 10:59:48 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_1d 3248d.dat [2009/11/20 01:38:24 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_394ada30.dat [2012/04/12 11:06:04 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_c1b89fb0.dat [2010/05/03 13:27:03 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_d9d4b6e9.dat [2009/11/08 10:42:35 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\blabla.bat [2011/08/22 08:16:41 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Silvo\My Documents\Default.rdp [2009/12/02 05:20:16 | 000,000,076 | -HS- | M] () -- C:\Documents and Settings\Silvo\My Documents\desktop.ini [2011/10/31 15:17:33 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\GFWLIVESetupLog.txt [2011/10/31 15:17:32 | 000,004,586 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\GFWLIVESetupLogVerbose.txt [2011/01/27 12:40:56 | 000,460,506 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Image.jpg [2010/11/11 14:03:05 | 000,005,887 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\misc338.gif [2009/01/08 06:01:25 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Moje mape za izmenjevanje.lnk [2012/03/08 11:27:55 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\mt-e_hook.txt [2012/03/08 11:27:55 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\mt-x_hook.txt [2012/05/23 12:47:12 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12 [2009/07/06 14:24:45 | 000,001,175 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\nejc_50@hotmail.com Arhiv map v skupni rabi.lnk [2008/10/17 07:54:57 | 000,006,144 | -H-- | M] () -- C:\Documents and Settings\Silvo\My Documents\photothumb.db [2010/04/26 09:16:19 | 842,328,696 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20091029.bin [2010/04/26 09:07:57 | 018,169,360 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20091029.exe [2010/04/04 11:35:32 | 1748,348,690 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin [2010/04/04 11:35:32 | 1679,764,859 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin2 [2010/04/04 11:35:28 | 1674,701,606 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin3 [2010/04/04 11:32:34 | 021,656,176 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.exe [2011/02/11 10:15:56 | 000,015,360 | -HS- | M] () -- C:\Documents and Settings\Silvo\My Documents\Thumbs.db [2011/02/16 04:14:38 | 000,209,067 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\ts3_clientui-win32-12815-2011-02-16 12_14_33.015625.dmp [2011/04/23 13:33:43 | 000,218,339 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\ts3_clientui-win32-12815-2011-04-23 22_33_41.755625.dmp [2009/10/27 23:10:03 | 000,009,509 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Uninstall Mass Effect.log [2010/01/07 08:10:38 | 000,014,825 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Vloga.docx [2011/05/12 03:36:38 | 109,212,672 | ---- | M] (VMware, Inc.) -- C:\Documents and Settings\Silvo\My Documents\VMware-player-3.1.4-385536.exe [2008/09/21 09:31:57 | 000,010,948 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Zapisnik razredne ure 19.9.2008.docx [2008/08/11 05:48:53 | 000,015,803 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\zgodla.docx < End of report >
  10. Abbey
    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-21 08:57:14 ----------------------------- 08:57:14.875 OS Version: Windows 5.1.2600 Service Pack 3 08:57:14.875 Number of processors: 2 586 0x1706 08:57:14.875 ComputerName: SILVO1 UserName: Silvo 08:57:22.546 Initialize success 09:01:45.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 09:01:45.890 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01109 Size: 476940MB BusType: 3 09:01:45.890 Disk 0 MBR read successfully 09:01:45.890 Disk 0 MBR scan 09:01:45.890 Disk 0 Windows XP default MBR code 09:01:45.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63 09:01:45.890 Disk 0 scanning sectors +976752000 09:01:45.968 Disk 0 scanning C:\WINDOWS\system32\drivers 09:01:53.515 Service scanning 09:02:07.281 Modules scanning 09:02:12.078 Disk 0 trace - called modules: 09:02:12.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 09:02:12.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b03dab8] 09:02:12.109 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000092[0x8b06e258] 09:02:12.109 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8b045d98] 09:02:12.109 Scan finished successfully 09:03:23.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Silvo\Desktop\MBR.dat" 09:03:23.250 The log file has been saved successfully to "C:\Documents and Settings\Silvo\Desktop\aswMBR.txt"
  11. Abbey
    It says It's recommended to download Avast. Should I?
  12. Abbey
    ComboFix 12-06-21.01 - Silvo 21/06/2012 8:16.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2657 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 15:22 . 2012-06-21 15:22 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat + 2008-08-04 12:12 . 2012-06-21 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 15:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 08:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2680) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\npkcmsvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\RunDLL32.exe c:\windows\RTHDCPL.EXE c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Completion time: 2012-06-21 08:31:03 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-21 15:30 ComboFix2.txt 2012-06-21 14:57 ComboFix3.txt 2012-06-21 14:40 ComboFix4.txt 2012-06-21 13:42 . Pre-Run: 115,620,388,864 bytes free Post-Run: 115,601,391,616 prosto bajtov . - - End Of File - - 685CCFC30CF4EA22AA414C870FE2CD89
  13. Abbey
    . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33 Run by Silvo at 8:06:19 on 2012-06-21 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2498 [GMT -7:00] . AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . ============== Running Processes =============== . C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\npkcmsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\WINDOWS\system32\PnkBstrA.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = about:blank uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [skyTel] SkyTel.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe" mRun: [RTHDCPL] RTHDCPL.EXE dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344] S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472] . =============== Created Last 30 ================ . 2012-06-21 13:16:14 98816 ----a-w- c:\windows\sed.exe 2012-06-21 13:16:14 518144 ----a-w- c:\windows\SWREG.exe 2012-06-21 13:16:14 256000 ----a-w- c:\windows\PEV.exe 2012-06-21 13:16:14 208896 ----a-w- c:\windows\MBR.exe 2012-06-21 12:52:27 -------- d-sha-r- C:\cmdcons 2012-06-21 10:57:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools 2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera 2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com 2012-06-17 21:44:55 -------- d-----w- C:\Rbackup 2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging 2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender 2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan 2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble 2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble . ==================== Find3M ==================== . 2012-06-21 11:02:34 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe . ============= FINISH: 8:06:36.78 ===============
  14. Abbey
    ComboFix 12-06-21.01 - Silvo 21/06/2012 7:49.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2658 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . FILE :: "c:\documents and settings\Silvo\Application Data\Seven.exe" . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 14:34 . 2012-06-21 14:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat + 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 07:55 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2268) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-06-21 07:57:19 ComboFix-quarantined-files.txt 2012-06-21 14:57 ComboFix2.txt 2012-06-21 14:40 ComboFix3.txt 2012-06-21 13:42 . Pre-Run: 115,633,319,936 bytes free Post-Run: 115,609,436,160 prosto bajtov . - - End Of File - - BE4CFDBCBCAFB3296E9CE3054A09A88B
  15. Abbey
    ComboFix 12-06-21.01 - Silvo 21/06/2012 7:24.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2653 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} . FILE :: "c:\documents and settings\silvo\local settings\Temp\DAT9A2.tmp.exe" "c:\windows\system\178918.exe" "c:\windows\system32\drivers\pavproc.sys" "c:\windows\system32\DRIVERS\ShlDrv51.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar\cache.dat c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar\config.xml . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_17891 -------\Legacy_AVG_SECURITY_TOOLBAR_SERVICE -------\Legacy_JAKFCSWX -------\Legacy_PAVPROC -------\Legacy_PAVPRSRV -------\Legacy_SHLDDRV -------\Service_17891 -------\Service_AVG Security Toolbar Service -------\Service_jakfcswx -------\Service_PavProc -------\Service_PavPrSrv -------\Service_ShldDrv . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-21 14:34 . 2012-06-21 14:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat + 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-08-04 12:12 . 2012-06-21 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 07:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2588) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\SUPERAntiSpyware\SASSEH.DLL c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\system32\nvcpl.dll c:\windows\system32\NVRSENG.DLL c:\windows\system32\nvapi.dll c:\windows\system32\nvshell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\program files\Epson Software\Easy Photo Print\EPTBL.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\npkcmsvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RunDLL32.exe c:\windows\RTHDCPL.EXE c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Completion time: 2012-06-21 07:40:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-21 14:40 ComboFix2.txt 2012-06-21 13:42 . Pre-Run: 115,635,351,552 bytes free Post-Run: 115,616,382,976 prosto bajtov . - - End Of File - - 8ED716934614853E067210330D70CAF3
  16. Abbey
    ComboFix 12-06-21.01 - Silvo 21/06/2012 6:18.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2529 [GMT -7:00] Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\1339754446.bdinstall.bin c:\documents and settings\All Users\Application Data\FindXplorer c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TorrentEasy\fdmbtsupp.dll c:\documents and settings\LocalService\Local Settings\Application Data\$GPATH c:\documents and settings\LocalService\Local Settings\Application Data\sLT.exf c:\documents and settings\Silvo\Application Data\chrtmp c:\documents and settings\Silvo\Application Data\DROA45.tmp c:\documents and settings\Silvo\Application Data\PriceGong c:\documents and settings\Silvo\Application Data\PriceGong\Data\1.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\a.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\b.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\c.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\d.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\e.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\f.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\g.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\h.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\i.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\J.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\k.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\l.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\m.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\n.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\o.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\p.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\q.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\r.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\s.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\t.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\u.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\v.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\w.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\x.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\y.xml c:\documents and settings\Silvo\Application Data\PriceGong\Data\z.xml c:\documents and settings\Silvo\Application Data\SQLite3.dll c:\documents and settings\Silvo\Local Settings\Application Data\assembly\tmp c:\documents and settings\Silvo\WINDOWS C:\install.exe c:\program files\FindXplorer c:\program files\FindXplorer\uninstall.exe c:\program files\Internet Explorer\SET1E9.tmp C:\Thumbs.db c:\windows\keys.ini c:\windows\system32\html c:\windows\system32\html\calendar.html c:\windows\system32\html\calendarbottom.html c:\windows\system32\html\calendartop.html c:\windows\system32\html\crystalexportdialog.htm c:\windows\system32\html\crystalprinthost.html c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif c:\windows\system32\logs c:\windows\system32\MSOffice c:\windows\system32\MUI\0424\tourstart.exe c:\windows\system32\npkpdb.dll c:\windows\system32\SET1CA.tmp c:\windows\system32\SET1CB.tmp c:\windows\system32\SET1CC.tmp c:\windows\system32\SET1CD.tmp c:\windows\system32\SET1CE.tmp c:\windows\system32\SET1D1.tmp c:\windows\system32\SET1D3.tmp c:\windows\system32\SET1D4.tmp c:\windows\system32\SET1D5.tmp c:\windows\system32\SET1D9.tmp c:\windows\system32\SET1DB.tmp c:\windows\system32\SET1DC.tmp c:\windows\system32\SET1DE.tmp c:\windows\system32\SET1DF.tmp c:\windows\system32\SET1E4.tmp c:\windows\system32\SET1E5.tmp c:\windows\system32\SET1E6.tmp c:\windows\system32\SET1E8.tmp c:\windows\system32\shimg.dll c:\windows\system32\system c:\windows\usgwmt c:\windows\usgwmt\BReWErS.dll c:\windows\Web\ddid c:\windows\Web\ddnm c:\windows\Web\ddsn . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AMSERVICE -------\Legacy_HOST_GENERIC_PROCESS -------\Legacy_NVUPDSERVICE -------\Service_AMService . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc 2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools 2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera 2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera 2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com 2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup 2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan 2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender 2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging 2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender 2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan 2012-06-15 09:21 . 2012-06-15 09:22 -------- d-----w- c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar 2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java 2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble 2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll 2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll 2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll 2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll 2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll 2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll 2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll 2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll 2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll 2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll 2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll 2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll 2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll 2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe 2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192] "NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616] "RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SNkJGRS1IV1VIRi1EUE5EQS1WRlVXWC0yRU1CUg&inst=NzYtODg4NDYwOTgwLVhPMzYrMS1OMUQrMS1QTCs5LUNJUCsyLUREVCsyMzM1OS1UVUcrMy1MU0QrMi1EMzgxTCs2LUkxMCsxLUREMTArMS1TVDEwQVBQKzEtRlVJKzItUDEwVEIrMg∏=94&ver=10.0.1415" [?] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\Maja\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\Silvo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk] path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe] 2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "scan"=3 (0x3) "LIVESRV"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"= "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\ICQ7.2\\ICQ.exe"= "c:\\Program Files\\ICQ7.2\\aolload.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"= "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Program Files\\tera fake\\TERA-Launcher.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Program Files\\Opera\\opera.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13677:TCP"= 13677:TCP:BitComet 13677 TCP "13677:UDP"= 13677:UDP:BitComet 13677 UDP "57769:TCP"= 57769:TCP:Pando Media Booster "57769:UDP"= 57769:UDP:Pando Media Booster "57495:TCP"= 57495:TCP:Pando Media Booster "57495:UDP"= 57495:UDP:Pando Media Booster "56799:TCP"= 56799:TCP:Pando Media Booster "56799:UDP"= 56799:UDP:Pando Media Booster "21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009 "56191:TCP"= 56191:TCP:Pando Media Booster "56191:UDP"= 56191:UDP:Pando Media Booster "57819:TCP"= 57819:TCP:Pando Media Booster "57819:UDP"= 57819:UDP:Pando Media Booster . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344] S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?] S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?] S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?] S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096] S2 jakfcswx;jakfcswx;"c:\docume~1\Silvo\LOCALS~1\Temp\DAT9A2.tmp.exe" --SERVICE --> c:\docume~1\Silvo\LOCALS~1\Temp\DAT9A2.tmp.exe [?] S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224] S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs modyurvh . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55] . 2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44] . 2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45] . 2012-06-21 c:\windows\Tasks\RMAutoUpdate.job - c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08] . 2012-06-21 c:\windows\Tasks\RMSchedule.job - c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23 DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q= . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-AdobeBridge - (no file) HKLM-Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe HKLM-Explorer_Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe AddRemove-FindXplorer - c:\program files\FindXplorer\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-21 06:32 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50, 25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\ "??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d . [HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5, 34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\ "rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2252) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\npkcmsvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RunDLL32.exe c:\windows\RTHDCPL.EXE c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Completion time: 2012-06-21 06:42:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-21 13:42 . Pre-Run: 115,469,697,024 bytes free Post-Run: 115,648,008,192 bytes free . - - End Of File - - C8E17B9B5DF63E1778E338AB6374398B
  17. Abbey
    My computer crashed at stage 6 or 7. Should I try to run it again?
  18. Abbey
    Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Različica baze: v2012.06.21.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Silvo :: SILVO1 [skrbnik] 21/06/2012 04:18:44 mbam-log-2012-06-21 (04-18-44).txt Tip pregleda: Hitri pregled Možnosti pregleda omogočene: Spomin | Zagon | Register | Datotečni sistem | Hevristika/Dodatno | Hevristika/Shuriken | PUP | PUM Možnosti pregleda onemogočene: P2P Preverjenih objektov: 306867 Pretečen čas: 11 minut, 55 sekund Odkritih spominskih procesov: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih spominskih modulov: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih ključev registra: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih vrednosti registra: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih vnosov v register: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih map: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih datotek: 1 C:\Documents and Settings\Silvo\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.ToolbarDownloader) -> Poslano v karanteno in uspešno izbrisano. (konec)
  19. Abbey
    Oh and thank you so much for fast response. I can already see the difference.
  20. Abbey
    03:55:37.0062 5440 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 03:55:37.0140 5440 ============================================================ 03:55:37.0140 5440 Current date / time: 2012/06/21 03:55:37.0140 03:55:37.0140 5440 SystemInfo: 03:55:37.0140 5440 03:55:37.0140 5440 OS Version: 5.1.2600 ServicePack: 3.0 03:55:37.0140 5440 Product type: Workstation 03:55:37.0140 5440 ComputerName: SILVO1 03:55:37.0140 5440 UserName: Silvo 03:55:37.0140 5440 Windows directory: C:\WINDOWS 03:55:37.0140 5440 System windows directory: C:\WINDOWS 03:55:37.0140 5440 Processor architecture: Intel x86 03:55:37.0140 5440 Number of processors: 2 03:55:37.0140 5440 Page size: 0x1000 03:55:37.0140 5440 Boot type: Normal boot 03:55:37.0140 5440 ============================================================ 03:55:39.0984 5440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 03:55:40.0000 5440 ============================================================ 03:55:40.0000 5440 \Device\Harddisk0\DR0: 03:55:40.0000 5440 MBR partitions: 03:55:40.0000 5440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41 03:55:40.0000 5440 ============================================================ 03:55:40.0015 5440 C: <-> \Device\Harddisk0\DR0\Partition0 03:55:40.0015 5440 ============================================================ 03:55:40.0015 5440 Initialize success 03:55:40.0015 5440 ============================================================ 03:56:15.0906 7628 ============================================================ 03:56:15.0906 7628 Scan started 03:56:15.0906 7628 Mode: Manual; SigCheck; TDLFS; 03:56:15.0906 7628 ============================================================ 03:56:16.0281 7628 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 03:56:16.0390 7628 !SASCORE - ok 03:56:16.0437 7628 17891 - ok 03:56:16.0500 7628 Abiosdsk - ok 03:56:16.0500 7628 abp480n5 - ok 03:56:16.0546 7628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 03:56:23.0187 7628 ACPI - ok 03:56:23.0218 7628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 03:56:23.0328 7628 ACPIEC - ok 03:56:23.0406 7628 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 03:56:23.0437 7628 AdobeFlashPlayerUpdateSvc - ok 03:56:23.0453 7628 adpu160m - ok 03:56:23.0484 7628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 03:56:23.0609 7628 aec - ok 03:56:23.0640 7628 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys 03:56:23.0671 7628 AegisP ( UnsignedFile.Multi.Generic ) - warning 03:56:23.0671 7628 AegisP - detected UnsignedFile.Multi.Generic (1) 03:56:23.0703 7628 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 03:56:23.0781 7628 AFD - ok 03:56:23.0781 7628 Aha154x - ok 03:56:23.0781 7628 aic78u2 - ok 03:56:23.0781 7628 aic78xx - ok 03:56:23.0828 7628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 03:56:23.0921 7628 Alerter - ok 03:56:23.0937 7628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 03:56:23.0984 7628 ALG - ok 03:56:23.0984 7628 AliIde - ok 03:56:24.0000 7628 AMService - ok 03:56:24.0000 7628 amsint - ok 03:56:24.0031 7628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 03:56:24.0093 7628 AppMgmt - ok 03:56:24.0093 7628 asc - ok 03:56:24.0093 7628 asc3350p - ok 03:56:24.0093 7628 asc3550 - ok 03:56:24.0234 7628 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 03:56:24.0250 7628 aspnet_state - ok 03:56:24.0265 7628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 03:56:24.0375 7628 AsyncMac - ok 03:56:24.0406 7628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 03:56:24.0500 7628 atapi - ok 03:56:24.0531 7628 AtcL001 (f732284e3ca19b38239853e2711041d4) C:\WINDOWS\system32\DRIVERS\l151x86.sys 03:56:24.0578 7628 AtcL001 - ok 03:56:24.0578 7628 Atdisk - ok 03:56:24.0593 7628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 03:56:24.0671 7628 Atmarpc - ok 03:56:24.0718 7628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 03:56:24.0812 7628 AudioSrv - ok 03:56:24.0843 7628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 03:56:24.0921 7628 audstub - ok 03:56:24.0968 7628 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\WINDOWS\system32\DRIVERS\avc3.sys 03:56:25.0046 7628 avc3 - ok 03:56:25.0062 7628 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\WINDOWS\system32\DRIVERS\avchv.sys 03:56:25.0078 7628 avchv - ok 03:56:25.0109 7628 avckf (2bce314a25e71298add6794bfbd66266) C:\WINDOWS\system32\DRIVERS\avckf.sys 03:56:25.0109 7628 avckf - ok 03:56:25.0187 7628 AVerBDA3x (87a76ec8bf8ed0f67e548c4a8e1efb90) C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys 03:56:25.0343 7628 AVerBDA3x - ok 03:56:25.0375 7628 AVG Security Toolbar Service - ok 03:56:25.0375 7628 bdfm - ok 03:56:25.0375 7628 Bdfndisf - ok 03:56:25.0421 7628 bdfsfltr (5ef7ac38b4a7dc80860d7ffafac78c36) C:\WINDOWS\system32\drivers\bdfsfltr.sys 03:56:25.0421 7628 bdfsfltr - ok 03:56:25.0484 7628 bdftdif (f7d825f7e47d8a7865f5d2156b1b7a24) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys 03:56:25.0500 7628 bdftdif - ok 03:56:25.0546 7628 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\WINDOWS\system32\drivers\bdsandbox.sys 03:56:25.0562 7628 bdsandbox - ok 03:56:25.0640 7628 bdselfpr (042941c8e50f38e34c3c345f45e16cf3) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys 03:56:25.0656 7628 bdselfpr - ok 03:56:25.0671 7628 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\WINDOWS\system32\DRIVERS\bdvedisk.sys 03:56:25.0687 7628 BDVEDISK - ok 03:56:25.0718 7628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 03:56:25.0812 7628 Beep - ok 03:56:25.0859 7628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 03:56:25.0968 7628 BITS - ok 03:56:26.0000 7628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 03:56:26.0078 7628 Browser - ok 03:56:26.0156 7628 CardBusService (c0acddc7e54cdd9c580e069bd1ea0056) C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe 03:56:26.0171 7628 CardBusService ( UnsignedFile.Multi.Generic ) - warning 03:56:26.0171 7628 CardBusService - detected UnsignedFile.Multi.Generic (1) 03:56:26.0187 7628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 03:56:26.0281 7628 cbidf2k - ok 03:56:26.0328 7628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 03:56:26.0437 7628 CCDECODE - ok 03:56:26.0437 7628 cd20xrnt - ok 03:56:26.0453 7628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 03:56:26.0546 7628 Cdaudio - ok 03:56:26.0546 7628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 03:56:26.0984 7628 Cdfs - ok 03:56:27.0000 7628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 03:56:27.0109 7628 Cdrom - ok 03:56:27.0109 7628 Changer - ok 03:56:27.0125 7628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 03:56:27.0218 7628 CiSvc - ok 03:56:27.0234 7628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 03:56:27.0328 7628 ClipSrv - ok 03:56:27.0453 7628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 03:56:27.0468 7628 clr_optimization_v2.0.50727_32 - ok 03:56:27.0500 7628 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 03:56:27.0531 7628 clr_optimization_v4.0.30319_32 - ok 03:56:27.0531 7628 CmdIde - ok 03:56:27.0531 7628 COMSysApp - ok 03:56:27.0531 7628 Cpqarray - ok 03:56:27.0593 7628 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys 03:56:27.0609 7628 cpudrv - ok 03:56:27.0625 7628 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys 03:56:27.0640 7628 cpuz135 - ok 03:56:27.0656 7628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 03:56:27.0734 7628 CryptSvc - ok 03:56:27.0734 7628 dac2w2k - ok 03:56:27.0734 7628 dac960nt - ok 03:56:27.0781 7628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 03:56:27.0843 7628 DcomLaunch - ok 03:56:27.0890 7628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 03:56:27.0984 7628 Dhcp - ok 03:56:28.0000 7628 Disk (b0f0f54f12e1ffe1ec5c214e3abd56b5) C:\WINDOWS\system32\DRIVERS\disk.sys 03:56:28.0000 7628 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: b0f0f54f12e1ffe1ec5c214e3abd56b5, Fake md5: 044452051f3e02e7963599fc8f4f3e25 03:56:28.0000 7628 Disk ( Rootkit.Win32.TDSS.tdl3 ) - infected 03:56:28.0000 7628 Disk - detected Rootkit.Win32.TDSS.tdl3 (0) 03:56:28.0015 7628 dmadmin - ok 03:56:28.0062 7628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 03:56:28.0156 7628 dmboot - ok 03:56:28.0187 7628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 03:56:28.0296 7628 dmio - ok 03:56:28.0312 7628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 03:56:28.0406 7628 dmload - ok 03:56:28.0437 7628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 03:56:28.0515 7628 dmserver - ok 03:56:28.0546 7628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 03:56:28.0640 7628 DMusic - ok 03:56:28.0671 7628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 03:56:28.0703 7628 Dnscache - ok 03:56:28.0734 7628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 03:56:28.0828 7628 Dot3svc - ok 03:56:28.0828 7628 dpti2o - ok 03:56:28.0828 7628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 03:56:28.0906 7628 drmkaud - ok 03:56:28.0921 7628 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys 03:56:28.0953 7628 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning 03:56:28.0953 7628 DrvAgent32 - detected UnsignedFile.Multi.Generic (1) 03:56:28.0953 7628 EagleNT - ok 03:56:28.0984 7628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 03:56:29.0078 7628 EapHost - ok 03:56:29.0093 7628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 03:56:29.0187 7628 ERSvc - ok 03:56:29.0218 7628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 03:56:29.0234 7628 Eventlog - ok 03:56:29.0281 7628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 03:56:29.0328 7628 EventSystem - ok 03:56:29.0359 7628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 03:56:29.0453 7628 Fastfat - ok 03:56:29.0484 7628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 03:56:29.0531 7628 FastUserSwitchingCompatibility - ok 03:56:29.0562 7628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 03:56:29.0640 7628 Fdc - ok 03:56:29.0656 7628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 03:56:29.0734 7628 Fips - ok 03:56:29.0734 7628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 03:56:29.0828 7628 Flpydisk - ok 03:56:29.0875 7628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 03:56:29.0953 7628 FltMgr - ok 03:56:30.0078 7628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 03:56:30.0093 7628 FontCache3.0.0.0 - ok 03:56:30.0125 7628 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS 03:56:30.0140 7628 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0140 7628 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 03:56:30.0171 7628 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe 03:56:30.0218 7628 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0218 7628 FsUsbExService - detected UnsignedFile.Multi.Generic (1) 03:56:30.0250 7628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 03:56:30.0343 7628 Fs_Rec - ok 03:56:30.0359 7628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 03:56:30.0484 7628 Ftdisk - ok 03:56:30.0500 7628 GEMC001 (e13d7a6ce0fa36326c56532595a2ca73) C:\GEMC001.sys 03:56:30.0531 7628 GEMC001 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0531 7628 GEMC001 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0578 7628 GEMC002 (b937bdd541da5a423ba8c887df59f1e0) C:\GEMC002.sys 03:56:30.0609 7628 GEMC002 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0609 7628 GEMC002 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0625 7628 GEMC003 (de204595d48ae1714e21da4bd7bf1a7b) C:\GEMC003.sys 03:56:30.0656 7628 GEMC003 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0656 7628 GEMC003 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0671 7628 GEMC004 (e91d4b3d552fb303d203fd69c744201f) C:\GEMC004.sys 03:56:30.0703 7628 GEMC004 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0703 7628 GEMC004 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0718 7628 GEMC005 (f7e62c64b36fe6e3e28bbf695e845561) C:\GEMC005.sys 03:56:30.0750 7628 GEMC005 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0750 7628 GEMC005 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0796 7628 GEMC007 (f57292cab90e63a28fd9af9f30bc1ac8) C:\GEMC007.sys 03:56:30.0843 7628 GEMC007 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0843 7628 GEMC007 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0890 7628 GEMC009 (d555d20a58b376064cc5650c476ca95f) C:\GEMC009.sys 03:56:30.0921 7628 GEMC009 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0921 7628 GEMC009 - detected UnsignedFile.Multi.Generic (1) 03:56:30.0953 7628 GEMC011 (083bd2ddf3ed2fe5f9a93d5e2cd63517) C:\GEMC011.sys 03:56:30.0968 7628 GEMC011 ( UnsignedFile.Multi.Generic ) - warning 03:56:30.0968 7628 GEMC011 - detected UnsignedFile.Multi.Generic (1) 03:56:31.0000 7628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 03:56:31.0093 7628 Gpc - ok 03:56:31.0296 7628 gupdate1ca19f0d79b2096 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 03:56:31.0296 7628 gupdate1ca19f0d79b2096 - ok 03:56:31.0312 7628 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 03:56:31.0312 7628 gupdatem - ok 03:56:31.0375 7628 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 03:56:31.0390 7628 gusvc - ok 03:56:31.0437 7628 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys 03:56:31.0453 7628 hamachi - ok 03:56:31.0484 7628 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 03:56:31.0515 7628 HDAudBus ( UnsignedFile.Multi.Generic ) - warning 03:56:31.0515 7628 HDAudBus - detected UnsignedFile.Multi.Generic (1) 03:56:31.0562 7628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 03:56:31.0656 7628 helpsvc - ok 03:56:31.0687 7628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 03:56:31.0796 7628 HidServ - ok 03:56:31.0828 7628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 03:56:31.0921 7628 HidUsb - ok 03:56:31.0937 7628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 03:56:32.0031 7628 hkmsvc - ok 03:56:32.0156 7628 hpdj - ok 03:56:32.0156 7628 hpn - ok 03:56:32.0203 7628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 03:56:32.0250 7628 HTTP - ok 03:56:32.0312 7628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 03:56:32.0406 7628 HTTPFilter - ok 03:56:32.0484 7628 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) C:\Program Files\HWiNFO32\HWiNFO32.SYS 03:56:32.0484 7628 HWiNFO32 - ok 03:56:32.0484 7628 i2omgmt - ok 03:56:32.0484 7628 i2omp - ok 03:56:32.0500 7628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 03:56:32.0593 7628 i8042prt - ok 03:56:32.0671 7628 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 03:56:32.0703 7628 IDriverT ( UnsignedFile.Multi.Generic ) - warning 03:56:32.0703 7628 IDriverT - detected UnsignedFile.Multi.Generic (1) 03:56:32.0828 7628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 03:56:32.0875 7628 idsvc - ok 03:56:32.0890 7628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 03:56:32.0984 7628 Imapi - ok 03:56:33.0015 7628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 03:56:33.0093 7628 ImapiService - ok 03:56:33.0093 7628 ini910u - ok 03:56:33.0453 7628 IntcAzAudAddService (6ed742d93bcf9af7718bbbe8f080dbbd) C:\WINDOWS\system32\drivers\RtkHDAud.sys 03:56:33.0718 7628 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning 03:56:33.0718 7628 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1) 03:56:33.0796 7628 IntelIde - ok 03:56:33.0843 7628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 03:56:33.0921 7628 intelppm - ok 03:56:33.0953 7628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 03:56:34.0046 7628 Ip6Fw - ok 03:56:34.0078 7628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 03:56:34.0171 7628 IpFilterDriver - ok 03:56:34.0187 7628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 03:56:34.0265 7628 IpInIp - ok 03:56:34.0296 7628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 03:56:34.0390 7628 IpNat - ok 03:56:34.0406 7628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 03:56:34.0500 7628 IPSec - ok 03:56:34.0500 7628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 03:56:34.0562 7628 IRENUM - ok 03:56:34.0578 7628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 03:56:34.0656 7628 isapnp - ok 03:56:34.0796 7628 jakfcswx - ok 03:56:34.0906 7628 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe 03:56:34.0921 7628 JavaQuickStarterService - ok 03:56:34.0968 7628 kbdcap (d96ad2e7e91b994f81779144f56bed73) C:\WINDOWS\system32\drivers\kbdcap.sys 03:56:35.0000 7628 kbdcap ( UnsignedFile.Multi.Generic ) - warning 03:56:35.0000 7628 kbdcap - detected UnsignedFile.Multi.Generic (1) 03:56:35.0031 7628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 03:56:35.0109 7628 Kbdclass - ok 03:56:35.0125 7628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 03:56:35.0218 7628 kbdhid - ok 03:56:35.0250 7628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 03:56:35.0343 7628 kmixer - ok 03:56:35.0375 7628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 03:56:35.0437 7628 KSecDD - ok 03:56:35.0437 7628 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 03:56:35.0453 7628 L8042Kbd - ok 03:56:35.0484 7628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 03:56:35.0515 7628 lanmanserver - ok 03:56:35.0546 7628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 03:56:35.0578 7628 lanmanworkstation - ok 03:56:35.0593 7628 lbrtfdc - ok 03:56:35.0687 7628 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe 03:56:35.0718 7628 LBTServ - ok 03:56:35.0750 7628 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 03:56:35.0765 7628 LHidFilt - ok 03:56:35.0812 7628 LIVESRV - ok 03:56:35.0859 7628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 03:56:35.0937 7628 LmHosts - ok 03:56:35.0937 7628 lmimirr - ok 03:56:35.0937 7628 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 03:56:35.0953 7628 LMouFilt - ok 03:56:35.0953 7628 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 03:56:35.0968 7628 LUsbFilt - ok 03:56:36.0000 7628 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 03:56:36.0000 7628 MBAMProtector - ok 03:56:36.0078 7628 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 03:56:36.0093 7628 MBAMService - ok 03:56:36.0140 7628 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys 03:56:36.0187 7628 mcdbus ( UnsignedFile.Multi.Generic ) - warning 03:56:36.0187 7628 mcdbus - detected UnsignedFile.Multi.Generic (1) 03:56:36.0203 7628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 03:56:36.0281 7628 Messenger - ok 03:56:36.0390 7628 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 03:56:36.0406 7628 Microsoft Office Groove Audit Service - ok 03:56:36.0437 7628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 03:56:36.0531 7628 mnmdd - ok 03:56:36.0593 7628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 03:56:36.0687 7628 mnmsrvc - ok 03:56:36.0718 7628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 03:56:36.0796 7628 Modem - ok 03:56:36.0812 7628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 03:56:36.0906 7628 Mouclass - ok 03:56:36.0937 7628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 03:56:37.0000 7628 mouhid - ok 03:56:37.0015 7628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 03:56:37.0109 7628 MountMgr - ok 03:56:37.0125 7628 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys 03:56:37.0218 7628 MPE - ok 03:56:37.0218 7628 mraid35x - ok 03:56:37.0234 7628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 03:56:37.0343 7628 MRxDAV - ok 03:56:37.0375 7628 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 03:56:37.0421 7628 MRxSmb - ok 03:56:37.0437 7628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 03:56:37.0531 7628 MSDTC - ok 03:56:37.0531 7628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 03:56:37.0609 7628 Msfs - ok 03:56:37.0609 7628 MSIServer - ok 03:56:37.0625 7628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 03:56:37.0703 7628 MSKSSRV - ok 03:56:37.0718 7628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 03:56:37.0812 7628 MSPCLOCK - ok 03:56:37.0812 7628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 03:56:37.0890 7628 MSPQM - ok 03:56:37.0937 7628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 03:56:38.0000 7628 mssmbios - ok 03:56:38.0093 7628 MSSQL$SQLEXPRESS - ok 03:56:38.0109 7628 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 03:56:38.0140 7628 MSSQLServerADHelper - ok 03:56:38.0156 7628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 03:56:38.0234 7628 MSTEE - ok 03:56:38.0437 7628 msvsmon90 (e514d0493c272aecbac7c6c1dac635d1) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe 03:56:38.0562 7628 msvsmon90 - ok 03:56:38.0671 7628 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 03:56:38.0703 7628 MTsensor - ok 03:56:38.0750 7628 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 03:56:38.0828 7628 Mup - ok 03:56:38.0843 7628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 03:56:38.0953 7628 NABTSFEC - ok 03:56:38.0984 7628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 03:56:39.0078 7628 napagent - ok 03:56:39.0125 7628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 03:56:39.0218 7628 NDIS - ok 03:56:39.0234 7628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 03:56:39.0328 7628 NdisIP - ok 03:56:39.0375 7628 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 03:56:39.0453 7628 NdisTapi - ok 03:56:39.0453 7628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 03:56:39.0531 7628 Ndisuio - ok 03:56:39.0531 7628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 03:56:39.0609 7628 NdisWan - ok 03:56:39.0656 7628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 03:56:39.0687 7628 NDProxy - ok 03:56:39.0875 7628 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 03:56:39.0937 7628 Nero BackItUp Scheduler 4.0 - ok 03:56:39.0953 7628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 03:56:40.0046 7628 NetBIOS - ok 03:56:40.0078 7628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 03:56:40.0171 7628 NetBT - ok 03:56:40.0203 7628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 03:56:40.0281 7628 NetDDE - ok 03:56:40.0281 7628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 03:56:40.0359 7628 NetDDEdsdm - ok 03:56:40.0390 7628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 03:56:40.0484 7628 Netlogon - ok 03:56:40.0500 7628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 03:56:40.0593 7628 Netman - ok 03:56:40.0718 7628 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 03:56:40.0718 7628 NetTcpPortSharing - ok 03:56:40.0765 7628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 03:56:40.0781 7628 Nla - ok 03:56:40.0796 7628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 03:56:40.0875 7628 Npfs - ok 03:56:40.0875 7628 npggsvc - ok 03:56:40.0906 7628 npkcmsvc (93b9a6b06c873a425ab18a834cd381d0) C:\WINDOWS\system32\npkcmsvc.exe 03:56:40.0921 7628 npkcmsvc - ok 03:56:40.0968 7628 npkcrypt (08cb29081d252a1f672eed9e18446f99) C:\WINDOWS\system32\npkcrypt.sys 03:56:40.0984 7628 npkcrypt - ok 03:56:41.0000 7628 npkcusb (c0d56b1f64c986ab7ca169a5e7a8ebd8) C:\WINDOWS\system32\npkcusb.sys 03:56:41.0015 7628 npkcusb - ok 03:56:41.0046 7628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 03:56:41.0156 7628 Ntfs - ok 03:56:41.0187 7628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 03:56:41.0265 7628 NtLmSsp - ok 03:56:41.0328 7628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 03:56:41.0468 7628 NtmsSvc - ok 03:56:41.0578 7628 nTuneService - ok 03:56:41.0625 7628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 03:56:41.0718 7628 Null - ok 03:56:42.0406 7628 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 03:56:43.0062 7628 nv - ok 03:56:43.0140 7628 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys 03:56:43.0156 7628 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning 03:56:43.0156 7628 NVR0Dev - detected UnsignedFile.Multi.Generic (1) 03:56:43.0250 7628 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe 03:56:43.0265 7628 NVSvc - ok 03:56:43.0468 7628 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 03:56:43.0531 7628 nvUpdatusService - ok 03:56:43.0609 7628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 03:56:43.0703 7628 NwlnkFlt - ok 03:56:43.0718 7628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 03:56:43.0812 7628 NwlnkFwd - ok 03:56:43.0906 7628 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 03:56:43.0968 7628 odserv - ok 03:56:44.0000 7628 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 03:56:44.0031 7628 ose - ok 03:56:44.0078 7628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 03:56:44.0171 7628 Parport - ok 03:56:44.0187 7628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 03:56:44.0265 7628 PartMgr - ok 03:56:44.0296 7628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 03:56:44.0390 7628 ParVdm - ok 03:56:44.0390 7628 PavProc - ok 03:56:44.0390 7628 PavPrSrv - ok 03:56:44.0421 7628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 03:56:44.0515 7628 PCI - ok 03:56:44.0515 7628 PCIDump - ok 03:56:44.0531 7628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 03:56:44.0640 7628 PCIIde - ok 03:56:44.0656 7628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 03:56:44.0734 7628 Pcmcia - ok 03:56:44.0828 7628 PCToolsSSDMonitorSvc (953615a27d3e873e71320e2fe464049c) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe 03:56:44.0875 7628 PCToolsSSDMonitorSvc - ok 03:56:44.0875 7628 PDCOMP - ok 03:56:44.0875 7628 PDFRAME - ok 03:56:44.0875 7628 PDRELI - ok 03:56:44.0875 7628 PDRFRAME - ok 03:56:44.0875 7628 perc2 - ok 03:56:44.0875 7628 perc2hib - ok 03:56:44.0921 7628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 03:56:44.0937 7628 PlugPlay - ok 03:56:44.0968 7628 PnkBstrA (3a2e85f7d90d15460c337ce80c2e3b29) C:\WINDOWS\system32\PnkBstrA.exe 03:56:44.0984 7628 PnkBstrA - ok 03:56:45.0015 7628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 03:56:45.0093 7628 PolicyAgent - ok 03:56:45.0093 7628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 03:56:45.0171 7628 PptpMiniport - ok 03:56:45.0234 7628 Profos - ok 03:56:45.0250 7628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 03:56:45.0312 7628 ProtectedStorage - ok 03:56:45.0343 7628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 03:56:45.0437 7628 PSched - ok 03:56:45.0453 7628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 03:56:45.0546 7628 Ptilink - ok 03:56:45.0578 7628 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 03:56:45.0593 7628 PxHelp20 - ok 03:56:45.0609 7628 ql1080 - ok 03:56:45.0609 7628 Ql10wnt - ok 03:56:45.0609 7628 ql12160 - ok 03:56:45.0609 7628 ql1240 - ok 03:56:45.0609 7628 ql1280 - ok 03:56:45.0625 7628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 03:56:45.0703 7628 RasAcd - ok 03:56:45.0734 7628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 03:56:45.0828 7628 RasAuto - ok 03:56:45.0843 7628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 03:56:45.0921 7628 Rasl2tp - ok 03:56:45.0953 7628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 03:56:46.0046 7628 RasMan - ok 03:56:46.0046 7628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 03:56:46.0125 7628 RasPppoe - ok 03:56:46.0125 7628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 03:56:46.0203 7628 Raspti - ok 03:56:46.0218 7628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 03:56:46.0312 7628 Rdbss - ok 03:56:46.0312 7628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 03:56:46.0390 7628 RDPCDD - ok 03:56:46.0421 7628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 03:56:46.0500 7628 rdpdr - ok 03:56:46.0515 7628 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 03:56:46.0609 7628 RDPWD - ok 03:56:46.0625 7628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 03:56:46.0703 7628 RDSessMgr - ok 03:56:46.0718 7628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 03:56:46.0796 7628 redbook - ok 03:56:46.0812 7628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 03:56:46.0890 7628 RemoteAccess - ok 03:56:46.0921 7628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll 03:56:47.0000 7628 RemoteRegistry - ok 03:56:47.0031 7628 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys 03:56:47.0046 7628 Revoflt - ok 03:56:47.0046 7628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 03:56:47.0125 7628 RpcLocator - ok 03:56:47.0187 7628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 03:56:47.0203 7628 RpcSs - ok 03:56:47.0234 7628 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys 03:56:47.0265 7628 rspndr ( UnsignedFile.Multi.Generic ) - warning 03:56:47.0265 7628 rspndr - detected UnsignedFile.Multi.Generic (1) 03:56:47.0312 7628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 03:56:47.0375 7628 RSVP - ok 03:56:47.0390 7628 RTLWUSB - ok 03:56:47.0437 7628 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys 03:56:47.0453 7628 s116bus - ok 03:56:47.0484 7628 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys 03:56:47.0500 7628 s116mdfl - ok 03:56:47.0531 7628 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys 03:56:47.0546 7628 s116mdm - ok 03:56:47.0593 7628 s816bus (8c156e6b568aa927eb5deadeb870bdd2) C:\WINDOWS\system32\DRIVERS\s816bus.sys 03:56:47.0609 7628 s816bus - ok 03:56:47.0640 7628 s816mdfl (d4ed429953a2b8b09c702805813a26c8) C:\WINDOWS\system32\DRIVERS\s816mdfl.sys 03:56:47.0656 7628 s816mdfl - ok 03:56:47.0671 7628 s816mdm (94306f371a6ff8b690bea81157111b3b) C:\WINDOWS\system32\DRIVERS\s816mdm.sys 03:56:47.0687 7628 s816mdm - ok 03:56:47.0703 7628 s816mgmt (fafdd00abad1b6029bf7f4067764ab41) C:\WINDOWS\system32\DRIVERS\s816mgmt.sys 03:56:47.0718 7628 s816mgmt - ok 03:56:47.0750 7628 s816nd5 (fd0d1e39cb22558d79bff59b66a5874a) C:\WINDOWS\system32\DRIVERS\s816nd5.sys 03:56:47.0765 7628 s816nd5 - ok 03:56:47.0781 7628 s816obex (8eacd5e46764463e75f171d9bf305348) C:\WINDOWS\system32\DRIVERS\s816obex.sys 03:56:47.0796 7628 s816obex - ok 03:56:47.0812 7628 s816unic (e2090b041b935430abc8e184b7d6cd75) C:\WINDOWS\system32\DRIVERS\s816unic.sys 03:56:47.0828 7628 s816unic - ok 03:56:47.0875 7628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 03:56:47.0937 7628 SamSs - ok 03:56:48.0031 7628 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 03:56:48.0046 7628 SASDIFSV - ok 03:56:48.0062 7628 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 03:56:48.0078 7628 SASKUTIL - ok 03:56:48.0203 7628 scan (33695c0f02be88a07a75bc793d616ed0) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll 03:56:48.0234 7628 scan - ok 03:56:48.0296 7628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 03:56:48.0375 7628 SCardSvr - ok 03:56:48.0406 7628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 03:56:48.0500 7628 Schedule - ok 03:56:48.0546 7628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 03:56:48.0609 7628 Secdrv - ok 03:56:48.0625 7628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 03:56:48.0703 7628 seclogon - ok 03:56:48.0734 7628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 03:56:48.0812 7628 SENS - ok 03:56:48.0828 7628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 03:56:48.0906 7628 serenum - ok 03:56:48.0921 7628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 03:56:49.0000 7628 Serial - ok 03:56:49.0015 7628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 03:56:49.0109 7628 Sfloppy - ok 03:56:49.0156 7628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 03:56:49.0265 7628 SharedAccess - ok 03:56:49.0312 7628 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 03:56:49.0312 7628 ShellHWDetection - ok 03:56:49.0312 7628 ShldDrv - ok 03:56:49.0328 7628 Simbad - ok 03:56:49.0359 7628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 03:56:49.0437 7628 SLIP - ok 03:56:49.0437 7628 Sparrow - ok 03:56:49.0468 7628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 03:56:49.0531 7628 splitter - ok 03:56:49.0578 7628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 03:56:49.0593 7628 Spooler - ok 03:56:49.0593 7628 sptd - ok 03:56:49.0781 7628 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 03:56:49.0796 7628 SQLBrowser - ok 03:56:49.0812 7628 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 03:56:49.0828 7628 SQLWriter - ok 03:56:49.0843 7628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 03:56:49.0921 7628 sr - ok 03:56:49.0937 7628 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 03:56:49.0984 7628 srservice - ok 03:56:50.0015 7628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 03:56:50.0062 7628 Srv - ok 03:56:50.0093 7628 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 03:56:50.0109 7628 sscdbus - ok 03:56:50.0140 7628 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 03:56:50.0140 7628 sscdmdfl - ok 03:56:50.0171 7628 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 03:56:50.0203 7628 sscdmdm - ok 03:56:50.0218 7628 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 03:56:50.0265 7628 SSDPSRV - ok 03:56:50.0296 7628 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 03:56:50.0390 7628 stisvc - ok 03:56:50.0468 7628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 03:56:50.0562 7628 streamip - ok 03:56:50.0578 7628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 03:56:50.0671 7628 swenum - ok 03:56:50.0812 7628 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 03:56:50.0843 7628 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 03:56:50.0843 7628 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 03:56:50.0890 7628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 03:56:50.0968 7628 swmidi - ok 03:56:50.0968 7628 SwPrv - ok 03:56:50.0968 7628 symc810 - ok 03:56:50.0968 7628 symc8xx - ok 03:56:50.0968 7628 sym_hi - ok 03:56:50.0968 7628 sym_u3 - ok 03:56:50.0984 7628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 03:56:51.0078 7628 sysaudio - ok 03:56:51.0078 7628 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 03:56:51.0156 7628 SysmonLog - ok 03:56:51.0187 7628 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 03:56:51.0265 7628 TapiSrv - ok 03:56:51.0312 7628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 03:56:51.0328 7628 Tcpip - ok 03:56:51.0343 7628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 03:56:51.0453 7628 TDPIPE - ok 03:56:51.0468 7628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 03:56:51.0562 7628 TDTCP - ok 03:56:51.0578 7628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 03:56:51.0656 7628 TermDD - ok 03:56:51.0687 7628 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 03:56:51.0765 7628 TermService - ok 03:56:51.0796 7628 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 03:56:51.0812 7628 Themes - ok 03:56:51.0859 7628 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 03:56:51.0921 7628 TlntSvr - ok 03:56:51.0921 7628 TosIde - ok 03:56:51.0937 7628 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 03:56:52.0031 7628 TrkWks - ok 03:56:52.0062 7628 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys 03:56:52.0062 7628 TrueSight ( UnsignedFile.Multi.Generic ) - warning 03:56:52.0062 7628 TrueSight - detected UnsignedFile.Multi.Generic (1) 03:56:52.0187 7628 Trufos - ok 03:56:52.0203 7628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 03:56:52.0281 7628 Udfs - ok 03:56:52.0281 7628 ultra - ok 03:56:52.0328 7628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 03:56:52.0406 7628 Update - ok 03:56:52.0453 7628 Update Server (3cc00597a30b23757aa23cb677918bef) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe 03:56:52.0484 7628 Update Server - ok 03:56:52.0546 7628 UPDATESRV (6a4b184261a29968b288a93d648dc5a1) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe 03:56:52.0546 7628 UPDATESRV - ok 03:56:52.0609 7628 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 03:56:52.0671 7628 upnphost - ok 03:56:52.0687 7628 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 03:56:52.0765 7628 UPS - ok 03:56:52.0796 7628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 03:56:52.0890 7628 usbccgp - ok 03:56:52.0921 7628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 03:56:53.0000 7628 usbehci - ok 03:56:53.0031 7628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 03:56:53.0125 7628 usbhub - ok 03:56:53.0156 7628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 03:56:53.0250 7628 usbprint - ok 03:56:53.0281 7628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 03:56:53.0390 7628 usbscan - ok 03:56:53.0390 7628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 03:56:53.0484 7628 USBSTOR - ok 03:56:53.0500 7628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 03:56:53.0578 7628 usbuhci - ok 03:56:53.0593 7628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 03:56:53.0671 7628 VgaSave - ok 03:56:53.0671 7628 ViaIde - ok 03:56:53.0671 7628 VMnetAdapter - ok 03:56:53.0687 7628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 03:56:53.0781 7628 VolSnap - ok 03:56:53.0796 7628 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 03:56:53.0843 7628 VSS - ok 03:56:53.0859 7628 VSSERV - ok 03:56:53.0859 7628 vtany - ok 03:56:53.0875 7628 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 03:56:53.0953 7628 W32Time - ok 03:56:53.0968 7628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 03:56:54.0046 7628 Wanarp - ok 03:56:54.0093 7628 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 03:56:54.0125 7628 Wdf01000 - ok 03:56:54.0125 7628 WDICA - ok 03:56:54.0140 7628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 03:56:54.0421 7628 wdmaud - ok 03:56:54.0437 7628 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 03:56:54.0531 7628 WebClient - ok 03:56:54.0609 7628 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 03:56:54.0703 7628 winmgmt - ok 03:56:54.0734 7628 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 03:56:54.0765 7628 WmdmPmSN - ok 03:56:54.0812 7628 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 03:56:54.0828 7628 Wmi - ok 03:56:54.0859 7628 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 03:56:54.0953 7628 WmiApSrv - ok 03:56:55.0078 7628 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 03:56:55.0125 7628 WMPNetworkSvc - ok 03:56:55.0312 7628 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 03:56:55.0359 7628 WPFFontCache_v0400 - ok 03:56:55.0453 7628 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 03:56:55.0546 7628 WS2IFSL - ok 03:56:55.0593 7628 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 03:56:55.0671 7628 wscsvc - ok 03:56:55.0718 7628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 03:56:55.0812 7628 WSTCODEC - ok 03:56:55.0843 7628 wuauserv (b72508649dad03bcb5d708edb1e3e57e) C:\WINDOWS\system32\wuauserv.dll 03:56:55.0843 7628 wuauserv - ok 03:56:55.0890 7628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 03:56:55.0937 7628 WudfPf - ok 03:56:55.0953 7628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 03:56:55.0968 7628 WudfRd - ok 03:56:56.0000 7628 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 03:56:56.0015 7628 WudfSvc - ok 03:56:56.0078 7628 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 03:56:56.0156 7628 WZCSVC - ok 03:56:56.0171 7628 XDva190 - ok 03:56:56.0171 7628 XDva275 - ok 03:56:56.0171 7628 XDva279 - ok 03:56:56.0171 7628 XDva288 - ok 03:56:56.0171 7628 XDva351 - ok 03:56:56.0171 7628 XDva380 - ok 03:56:56.0187 7628 XDva385 - ok 03:56:56.0187 7628 XDva387 - ok 03:56:56.0187 7628 XDva389 - ok 03:56:56.0187 7628 XDva391 - ok 03:56:56.0187 7628 XDva392 - ok 03:56:56.0187 7628 XDva393 - ok 03:56:56.0203 7628 XDva394 - ok 03:56:56.0203 7628 xhunter1 - ok 03:56:56.0234 7628 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 03:56:56.0328 7628 xmlprov - ok 03:56:56.0359 7628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 03:56:56.0687 7628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 03:56:56.0687 7628 \Device\Harddisk0\DR0 - detected TDSS File System (1) 03:56:56.0687 7628 Boot (0x1200) (fda853b3cbc4c69a37ac98933a59178c) \Device\Harddisk0\DR0\Partition0 03:56:56.0718 7628 \Device\Harddisk0\DR0\Partition0 - ok 03:56:56.0718 7628 ============================================================ 03:56:56.0718 7628 Scan finished 03:56:56.0718 7628 ============================================================ 03:56:56.0828 5596 Detected object count: 24 03:56:56.0828 5596 Actual detected object count: 24 03:57:51.0812 5596 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:51.0812 5596 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:51.0812 5596 CardBusService ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:51.0812 5596 CardBusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:51.0859 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - copied to quarantine 03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine 03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine 03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine 03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine 03:57:51.0921 5596 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine 03:57:53.0015 5596 Backup copy not found, trying to cure infected file.. 03:57:53.0015 5596 Cure success, using it.. 03:57:53.0046 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured on reboot 03:57:53.0046 5596 Disk ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure 03:57:53.0046 5596 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC001 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC001 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC002 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC002 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC003 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC003 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC004 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC004 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC005 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC005 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC007 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC007 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC009 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC009 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0046 5596 GEMC011 ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0046 5596 GEMC011 ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 kbdcap ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 kbdcap ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user 03:57:53.0062 5596 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip 03:57:53.0062 5596 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 03:57:53.0062 5596 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 03:58:50.0125 5728 Deinitialize success ----------------------------------------------------------------------- Malwarebytes: Možnosti pregleda omogočene: Spomin | Zagon | Register | Datotečni sistem | Hevristika/Dodatno | Hevristika/Shuriken | PUP | PUM Možnosti pregleda onemogočene: P2P Scanned files: 306867 Pretečen čas: 11 minut, 55 sekund Odkritih spominskih procesov: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih spominskih modulov: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih ključev registra: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih vrednosti registra: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih vnosov v register: 0 (Ni bilo najdenih zlonamernih objektov) Odkritih map: 0 (Ni bilo najdenih zlonamernih objektov) Detected files: 1 C:\Documents and Settings\Silvo\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.ToolbarDownloader) -> sent to karantene and successfully deleted, (The end) I translated the important parts to english. ------------------------------------------------------------ . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33 Run by Silvo at 4:48:49 on 2012-06-21 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2363 [GMT -7:00] . AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: AVG Firewall *Disabled* . ============== Running Processes =============== . C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\npkcmsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\PnkBstrA.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = about:blank uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - mURLSearchHooks: H - No File mURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear uRun: [AdobeBridge] mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [MSOffice] c:\windows\system32\msoffice\update.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [skyTel] SkyTel.EXE mRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SNkJGRS1IV1VIRi1EUE5EQS1WRlVXWC0yRU1CUg"&"inst=NzYtODg4NDYwOTgwLVhPMzYrMS1OMUQrMS1QTCs5LUNJUCsyLUREVCsyMzM1OS1UVUcrMy1MU0QrMi1EMzgxTCs2LUkxMCsxLUREMTArMS1TVDEwQVBQKzEtRlVJKzItUDEwVEIrMg"&"prod=94"&"ver=10.0.1415 dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [bDFFBC5DC7] c:\documents and settings\localservice\application data\Windows.exe dRun: [Google Update] c:\documents and settings\localservice\local settings\application data\google\update\gupdate.exe /app 16DA36A7C6637CD4F26B9C1699938645 dRun: [Java] c:\documents and settings\networkservice\application data\Java.exe dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184] R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344] S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?] S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?] S2 AMService;AMService;c:\windows\temp\poky\setup.exe run --> c:\windows\temp\poky\setup.exe run [?] S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096] S2 jakfcswx;jakfcswx;"c:\docume~1\silvo\locals~1\temp\dat9a2.tmp.exe" --service --> c:\docume~1\silvo\locals~1\temp\DAT9A2.tmp.exe [?] S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?] S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472] . =============== Created Last 30 ================ . 2012-06-21 10:57:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools 2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera 2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com 2012-06-17 21:44:55 -------- d-----w- C:\Rbackup 2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04:47 200593 ----a-w- c:\documents and settings\all users\application data\1339754446.bdinstall.bin 2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging 2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender 2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan 2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble 2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble . ==================== Find3M ==================== . 2012-06-21 11:02:34 36352 ----a-w- c:\windows\system32\drivers\disk.sys 2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe . ============= FINISH: 4:52:33.78 ===============
  21. Abbey
    Hello. I have alot of problems with my computer wich I believe are caused by malwares. Any help would be appreciated. - I hear audio in the background that randomly turns on and off - I keep on getting svchost.exe errors and chrome.exe errors when I use google Chrome. - Audio often doesn't work at all and in order to fix it i need to reinstall my sound drivers (updating does not help) - Whenever I turn my computer on I have to wait approximately 10mins for winows bar and desktop icons to show (I can only see my desktop background and nothing but task manager works) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33 Run by Silvo at 2:24:59 on 2012-06-21 Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2160 [GMT -7:00] . AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: AVG Firewall *Disabled* . ============== Running Processes =============== . C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\ICQ6Toolbar\ICQ Service.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\npkcmsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\program files\real\realplayer\update\realsched.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\tera fake\TERA-Launcher.exe C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe c:\program files\real\realplayer\RealPlay.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll mURLSearchHooks: H - No File mURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {2bbf0fe2-09c9-4467-843a-992bb82b44cc} - c:\windows\system32\nvwrsard.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll TB: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear uRun: [AdobeBridge] mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [iso data fast cast] c:\documents and settings\all users\application data\save time iso data\trans save.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [MSOffice] c:\windows\system32\msoffice\update.exe mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [skyTel] SkyTel.EXE mRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SNkJGRS1IV1VIRi1EUE5EQS1WRlVXWC0yRU1CUg"&"inst=NzYtODg4NDYwOTgwLVhPMzYrMS1OMUQrMS1QTCs5LUNJUCsyLUREVCsyMzM1OS1UVUcrMy1MU0QrMi1EMzgxTCs2LUkxMCsxLUREMTArMS1TVDEwQVBQKzEtRlVJKzItUDEwVEIrMg"&"prod=94"&"ver=10.0.1415 dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [bDFFBC5DC7] c:\documents and settings\localservice\application data\Windows.exe dRun: [Google Update] c:\documents and settings\localservice\local settings\application data\google\update\gupdate.exe /app 16DA36A7C6637CD4F26B9C1699938645 dRun: [Java] c:\documents and settings\networkservice\application data\Java.exe dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 dRunOnce: [RunNarrator] Narrator.exe mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: cryptnet32 - cryptnet32.dll Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {4J2W12JN-24YC-1KEY-3W83-4A0007DEHM43} - c:\windows\system32\msoffice\update.exe Restart mASetup: {8BD6E6C0-F9FC-AFEC-CEAB-D5AFF0CDDEBD} - c:\documents and settings\silvo\application data\Seven.exe mASetup: {B4F75571-4C73-7783-DA52-40731B332416} - c:\windows\system32\martin.exe . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll . ============= SERVICES / DRIVERS =============== . R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520] R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088] R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048] R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376] R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184] R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208] R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672] R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344] S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?] S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?] S2 AMService;AMService;c:\windows\temp\poky\setup.exe run --> c:\windows\temp\poky\setup.exe run [?] S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S2 jakfcswx;jakfcswx;"c:\docume~1\silvo\locals~1\temp\dat9a2.tmp.exe" --service --> c:\docume~1\silvo\locals~1\temp\DAT9A2.tmp.exe [?] S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?] S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?] S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336] S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608] S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136] S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136] S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136] S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136] S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136] S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136] S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136] S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136] S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?] S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704] S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?] S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?] S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?] S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?] S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472] . =============== Created Last 30 ================ . 2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe 2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe 2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic 2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools 2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera 2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys 2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com 2012-06-17 21:44:55 -------- d-----w- C:\Rbackup 2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller 2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys 2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys 2012-06-15 10:04:47 200593 ----a-w- c:\documents and settings\all users\application data\1339754446.bdinstall.bin 2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging 2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender 2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan 2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble 2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble . ==================== Find3M ==================== . 2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin 2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin 2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin 2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll 2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll 2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll 2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll 2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll 2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll 2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe 2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe 2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys 2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys 2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys 2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys 2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys 2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: SAMSUNG_HD502IJ rev.1AA01109 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE9AEE4]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89b83820; SUB DWORD [EBP-0x4], 0x89b8312e; PUSH EDI; CALL 0xffffffffffffe10c; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF02AB8] 3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8AF37560] 5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AF4E030] [0x8AF04CE0] -> IRP_MJ_CREATE -> 0x8AE9AEE4 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskSAMSUNG_HD502IJ_________________________1AA01109#31535433444a5157313331353237202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8AE9ACE2 user & kernel MBR OK sectors 976773166 (+255): user != kernel Warning: possible TDL3 rootkit infection ! . ============= FINISH: 2:26:32.35 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 04/08/2008 05:08:59 System Uptime: 20/06/2012 03:07:58 (23 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5K SE/EPU Processor: Procesor Intel Pentium III Xeon | LGA775 | 2666/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 466 GiB total, 99.067 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable L: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: PS/2 Keyboard Device ID: ACPI\PNP0303\4&1400782C&0 Manufacturer: Logitech Name: PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&1400782C&0 Service: i8042prt . ==== System Restore Points =================== . RP9: 15/03/2012 15:27:01 - Installed Realtek High Definition Audio Driver RP10: 18/03/2012 15:32:00 - Installed Realtek High Definition Audio Driver RP18: 06/04/2012 10:48:06 - Installed TuneUp Utilities 2012 RP19: 06/04/2012 10:59:30 - Removed TuneUp Utilities 2012 RP20: 06/04/2012 10:59:58 - Removed TuneUp Utilities Language Pack (en-US) RP21: 07/04/2012 17:39:03 - System Checkpoint RP22: 08/04/2012 18:22:54 - System Checkpoint RP23: 09/04/2012 18:33:12 - System Checkpoint RP24: 10/04/2012 19:33:11 - System Checkpoint RP25: 12/04/2012 01:53:54 - System Checkpoint RP26: 13/04/2012 02:35:48 - System Checkpoint RP27: 14/04/2012 03:17:56 - System Checkpoint RP28: 15/04/2012 01:02:13 - Removed Java 6 Update 29 RP29: 16/04/2012 01:53:53 - System Checkpoint RP30: 17/04/2012 02:58:38 - System Checkpoint RP31: 18/04/2012 05:15:07 - System Checkpoint RP32: 19/04/2012 06:35:20 - Installed Realtek High Definition Audio Driver RP33: 20/04/2012 17:54:25 - System Checkpoint RP34: 21/04/2012 18:45:01 - System Checkpoint RP35: 22/04/2012 19:44:59 - System Checkpoint RP36: 23/04/2012 20:45:01 - System Checkpoint RP37: 24/04/2012 21:43:56 - System Checkpoint RP38: 25/04/2012 22:41:46 - System Checkpoint RP39: 26/04/2012 23:41:49 - System Checkpoint RP40: 27/04/2012 23:42:01 - System Checkpoint RP41: 28/04/2012 09:54:21 - Installed Realtek High Definition Audio Driver RP42: 02/05/2012 05:23:13 - Installed Realtek High Definition Audio Driver RP43: 02/05/2012 05:26:04 - Installed Realtek High Definition Audio Driver RP44: 03/05/2012 04:04:05 - Installed Realtek High Definition Audio Driver RP45: 03/05/2012 07:49:49 - Installed Realtek High Definition Audio Driver RP46: 03/05/2012 12:34:30 - Installed Realtek High Definition Audio Driver RP47: 03/05/2012 13:19:06 - Installed Realtek High Definition Audio Driver RP48: 10/05/2012 02:24:12 - Installed Realtek High Definition Audio Driver RP49: 10/05/2012 02:33:49 - Installed Realtek High Definition Audio Driver RP50: 18/05/2012 18:25:03 - System Checkpoint RP51: 19/05/2012 18:47:14 - System Checkpoint RP52: 20/05/2012 18:50:59 - System Checkpoint RP53: 21/05/2012 19:05:29 - System Checkpoint RP54: 22/05/2012 19:09:24 - System Checkpoint RP55: 23/05/2012 12:33:43 - Installed Mumble 1.2.3 RP56: 24/05/2012 19:35:01 - System Checkpoint RP57: 25/05/2012 06:06:40 - Installed Realtek High Definition Audio Driver RP58: 25/05/2012 07:21:33 - Installed Realtek High Definition Audio Driver RP59: 29/05/2012 16:54:50 - System Checkpoint RP60: 30/05/2012 18:35:02 - System Checkpoint RP61: 31/05/2012 18:46:34 - System Checkpoint RP62: 01/06/2012 19:47:59 - System Checkpoint RP63: 02/06/2012 20:47:56 - System Checkpoint RP64: 03/06/2012 21:47:56 - System Checkpoint RP65: 04/06/2012 22:47:58 - System Checkpoint RP66: 05/06/2012 23:47:55 - System Checkpoint RP67: 07/06/2012 00:48:07 - System Checkpoint RP68: 08/06/2012 01:52:48 - System Checkpoint RP69: 09/06/2012 02:48:12 - System Checkpoint RP70: 09/06/2012 09:54:54 - Installed Realtek High Definition Audio Driver RP71: 14/06/2012 10:11:27 - Installed Realtek High Definition Audio Driver RP72: 15/06/2012 02:19:17 - Removed Java 6 Update 31 RP73: 17/06/2012 00:21:33 - Installed Realtek High Definition Audio Driver RP74: 20/06/2012 03:14:42 - Installed Realtek High Definition Audio Driver . ==== Installed Programs ====================== . "Nero SoundTrax Help AAC Decoder ABBYY FineReader 6.0 Sprint AC3Filter (remove only) Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Adobe Reader 8.3.1 Adobe Shockwave Player 11.6 Advertising Center Aion Aion (Europe) Aion (North America) APB Reloaded Apple Software Update Ask Toolbar Atheros Communications Inc.® L1 Gigabit Ethernet Driver AVerMedia M135-Series PCI TV Tuner 3.5.0.65 AVerMedia MCE Encoder 3.2.1.62 AVerTV Bitdefender Antivirus Plus 2012 BitTorrent BitTorrentBar Toolbar Born To Be Big BS.Player FREE powered by AdVantage CCleaner CDDRV_Installer Cheat Engine 5.6 CPUID CPU-Z 1.60 Critical Update for Windows Media Player 11 (KB959772) Crystal Reports Basic for Visual Studio 2008 DAEMON Tools Toolbar DirectVobSub 2.40.4209 DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Setup DivX Version Checker DolbyFiles DriverAgent by eSupport.com EA Download Manager Epson Easy Photo Print 2 EPSON Scan Epson Stylus SX210_SX410_TX210_TX410 Priročnik EPSON SX410 Series Printer Uninstall EPSON Web-To-Page FindXplorer 1.0 build 111 GamersFirst LIVE! GameSpy Arcade GameSpy Comrade globaldk Google Chrome Google Update Helper Google Updater Google Zemlja Granado Espada H.264 Decoder Halo 2 for Windows Vista Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091) Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) hp print screen utility HWiNFO32 Version 3.62 ICQ Toolbar ICQ7.2 ImagXpress Java Auto Updater Java 6 Update 33 Junk Mail filter update KhalInstallWrapper LiveSearch Notification Tool Logitech Registration Logitech SetPoint Macro Wizard 4.1 Magic ISO Maker v5.5 (build 0272) Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.105 MegaTrainer eXperience V1.0.9.0 Menu Templates - Starter Kit Messenger Plus! Live Microsoft .NET Compact Framework 2.0 SP2 Microsoft .NET Compact Framework 3.5 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Device Emulator version 3.0 - ENU Microsoft Document Explorer 2008 Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) Microsoft Office Visual Web Developer 2007 Microsoft Office Visual Web Developer MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Compact 3.5 Design Tools ENU Microsoft SQL Server Compact 3.5 ENU Microsoft SQL Server Compact 3.5 for Devices ENU Microsoft SQL Server Database Publishing Wizard 1.2 Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio 2008 Professional Edition - ENU Microsoft Visual Studio Web Authoring Component Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense Microsoft Windows SDK for Visual Studio 2008 Tools Microsoft Windows SDK for Visual Studio 2008 Win32 Tools Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Minecraft Beta Cracked MKV Splitter Movie Templates - Starter Kit Mozilla Firefox 10.0.2 (x86 sl) MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser Mumble 1.2.3 NCsoft Launcher Neffy 1,2,0,22 Nero - Burning Rom Nero 9 Nero BurningROM Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Nero InfoTool Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero RescueAgent Help Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress neroxml Nexus Mod Manager nProtect KeyCrypt NVIDIA Graphic driver 301.42 NVIDIA Install Application NVIDIA control panel 301.42 NVIDIA nTune NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA update 1.8.15 NVIDIA Programa nView 136.27 NVIDIA System software PhysX 9.12.0213 NVIDIA Update Components Opera 12.00 Transfer service for Windows Live Paint.NET v3.5.1 Pando Media Booster PC Tools Registry Mechanic 11.0 PDF Settings CS5 PhotoScape Pocket Theme Organizer Pošta Windows Live PunkBuster Services QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Revo Uninstaller Pro 2.5.3 Rockstar Games Social Club SAMSUNG Mobile Composite Device Software SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio Samsung New PC Studio USB Driver Installer Sanctum © Coffee Stain Studios version 1 Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2466156) Security Update for 2007 Microsoft Office System (KB2509488) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2464583) Security Update for Microsoft Office Groove 2007 (KB2494047) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2464594) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Segoe UI Ski Challenge 2009 (zurnal24.si) Skype™ 4.0 Softonic_English Toolbar Software Update for Web Folders Sony Ericsson Device Data Sony Ericsson Drivers Sony Ericsson PC Suite SoundTrax Steam SUPERAntiSpyware swMSM Sword 2 System Requirements Lab System Requirements Lab CYRI System Requirements Lab for Intel TeamSpeak 2 RC2 TeamSpeak 3 Client TeamViewer 6 TeamViewer 7 TERA Tweak UI Ubisoft Game Launcher Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2412171) Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) Update for Outlook 2007 Junk Email Filter (KB2522999) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2345886) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB Mass Storage Toolbox VC80CRTRedist - 8.0.50727.6195 Visual Studio Tools for the Office system 3.0 Runtime VLC media player 2.0.1 VMware Player Wallery WebFldrs XP Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live - Pomocnik za vpis Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Mobile 5.0 SDK R2 for Pocket PC Windows Mobile 5.0 SDK R2 for Smartphone Windows Presentation Foundation Windows XP Service Pack 3 WinFast® Display Driver WinFox Setup WinRAR archiver Xfire (remove only) XML Paper Specification Shared Components Pack 1.0 . ==== Event Viewer Messages From Past Week ======== . 18/06/2012 10:43:46, informacija: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Silvo. 18/06/2012 10:43:45, informacija: Windows File Protection [64021] - The System file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 18/06/2012 10:43:41, informacija: Windows File Protection [64016] - Windows File Protection file scan was started. 18/06/2012 10:43:22, informacija: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Silvo. 18/06/2012 10:43:21, informacija: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability. . ==== End Of File ===========================
  22. Abbey
    Hello. I have alot of problems with my computer wich I believe are caused by malwares. Any help would be appreciated. - I hear audio in the background that randomly turns on and off - I keep on getting svchost.exe errors and chrome.exe errors when I use google Chrome. - Audio often doesn't work at all and in order to fix it i need to reinstall my sound drivers (updating does not help) - Whenever I turn my computer on I have to wait approximately 10mins for winows bar and desktop icons to show (I can only see my desktop background and nothing but task manager works) I have Windows XP 32bit. Computer is around 4 years old. I regulary use Malwarebytes, SuperAntiSpyware and Bitdefender Antivirus Plus 2012.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.