DejanS

208.73.210.29 blocked by M.Anti-Malware, cannot open some sites in any browser

80 posts in this topic

Hi :)

During the last few days M.Anti-Malware often blocked access to malicious address 208.73.210.29.

It didn’t happen before. At the same time, I have noticed that I cannot open Yahoo email page from messenger.

Also, I can't send any file in Yahoo messenger - every time I try, the upload is stopped at the end.

Then it started making jokes with Isohunt site.

I can open their home page only if I have cleared the cache/browsing history.

Every later attempt finishes with "Problem accessing page...".

No matter which browser I used (Mozilla, Chrome, IE..) I can’t get to that site, and often to some other where Isohunt is mentioned.

I attached a friend’s laptop to my internet cable and there are no similar problems, so it seems the problem is in my PC.

I scanned it with Spybot S&D, with my AV (NOD32), with Ad-Aware... No infections.

Latest warning from NOD32 said that it blocked svchost.exe from connecting to malicious site.

Please, can you help me to find the 'alien' or 'aliens'? Why can't I get to some sites?

Thanks, in advance :)

Dejan

P.S. I checked the "Hosts" file in Windows (I use XP) and it's clean - no entries there.

attach.txt

dds.txt


Hello Dejan and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please uninstall µTorrent, because it is against our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. I suggest you uninstall Ad-Aware and leave ESET Smart Security.

Finally, reboot your PC.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


Hi :)

First, thank you so much for your help with this problem.

I have already had battles against viruses, and always succeeded in removing those...

But, this one seems to be some stubborn beast :)

In my first post I forgot to mention that my net surfing has become slower. For example, YouTube videos need 10-15 sec to start (3-4 sec earlier) in all browsers.

I noticed that M.Anti-Malware didn't find anything suspicious. TDSSKiller found 35 suspicious processes, but I am sure some of those are quite harmless (like some processes connected to the AMD processor).

I uninstalled uTorrent and Ad-Aware, and did everything else, as proposed.

I hope that the attached files will help you to track down what the problem could be here.

Thanks, again! :*

Dejan

dds.txt

attach.txt

mbam-log-2012-04-15 (14-04-34).txt

TDSSKiller.2.7.28.0_15.04.2012_13.58.41_log.txt

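The TDSSKiller findings mentioned in the post above can be sorted mechanically before anyone reads them line by line. This is an added example, not code from the thread's participants or from the tool: it parses the line shapes visible in the log pasted in this thread and separates services whose only finding is `UnsignedFile.Multi.Generic` (the verdict the log shows with SigCheck enabled) from any other verdict and from entries with no result. The sample lines, service names, hashes and the `Constructed.Other.Verdict` name are constructed.

```python
import re

# Line shapes as they appear in the TDSSKiller log pasted in this thread:
#   <time> <thread> <name> (<md5>) <path>
#   <time> <thread> <name> - detected <verdict> (<n>)
#   <time> <thread> <name> - ok
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
OK_LINE = re.compile(r"^(?P<name>.+?) - ok$")

UNSIGNED = "UnsignedFile.Multi.Generic"  # verdict string seen in the thread's log

# Constructed sample: names, paths and hashes are made up for this example.
# The last entry has no result line, as happens when a pasted log is cut off.
SAMPLE_LOG = r"""13:59:14.0125 0596 Scan started
13:59:14.0125 0596 Mode: Manual; SigCheck; TDLFS;
13:59:14.0515 0596 exampledisk - ok
13:59:14.0578 0596 exdrv (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\exdrv.sys
13:59:14.0875 0596 exdrv - ok
13:59:15.0609 0596 Example LM Service (00000000000000000000000000000002) C:\Program Files\Example\lmsvc.exe
13:59:15.0625 0596 Example LM Service ( UnsignedFile.Multi.Generic ) - warning
13:59:15.0625 0596 Example LM Service - detected UnsignedFile.Multi.Generic (1)
13:59:16.0100 0596 exfilter (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\exfilter.sys
13:59:16.0120 0596 exfilter - detected Constructed.Other.Verdict (1)
13:59:16.0300 0596 exnofinish (00000000000000000000000000000004) C:\WINDOWS\system32\DRIVERS\exnofinish.sys
"""


def parse_log(text):
    """Return {service name: {"path", "md5", "verdicts", "ok"}} in log order."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"path": None, "md5": None, "verdicts": [], "ok": False}
        )

    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue  # blank line or text without the time/thread prefix
        body = prefixed.group("body").strip()

        m = FILE_LINE.match(body)
        if m:
            e = entry(m.group("name"))
            e["path"], e["md5"] = m.group("path"), m.group("md5")
            continue
        m = DETECTED.match(body)
        if m:
            entry(m.group("name"))["verdicts"].append(m.group("verdict"))
            continue
        m = OK_LINE.match(body)
        if m:
            entry(m.group("name"))["ok"] = True
        # Header lines and the "( verdict ) - warning" echo match nothing
        # above and are ignored; the "- detected" line carries the verdict.
    return entries


def triage(entries):
    """Bucket services so that anything beyond 'unsigned' is read first."""
    buckets = {"ok": [], "unsigned_only": [], "review_first": [], "no_result": []}
    for name, e in entries.items():
        other = [v for v in e["verdicts"] if v != UNSIGNED]
        if other:
            buckets["review_first"].append((name, other, e["path"]))
        elif e["verdicts"]:
            buckets["unsigned_only"].append((name, e["path"]))
        elif e["ok"]:
            buckets["ok"].append(name)
        else:
            buckets["no_result"].append(name)  # truncated or incomplete log
    return buckets


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

A missing signature alone does not identify a file as malicious, so the `unsigned_only` bucket is a list of paths to check against the software installed on the machine, while `review_first` and `no_result` need attention before anything is cured or skipped.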
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Please copy and paste its contents on your next reply.
In your next reply, post the following log files:


I am sorry for the misunderstanding...

TDSSKiller log:


13:59:41.0062 0596 NtLmSsp - ok

13:59:41.0093 0596 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll

13:59:41.0234 0596 NtmsSvc - ok

13:59:41.0265 0596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:59:41.0421 0596 Null - ok

13:59:41.0578 0596 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:59:41.0796 0596 nv - ok

13:59:41.0812 0596 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe

13:59:41.0828 0596 NVSvc - ok

13:59:41.0859 0596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:59:42.0015 0596 NwlnkFlt - ok

13:59:42.0031 0596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:59:42.0187 0596 NwlnkFwd - ok

13:59:42.0218 0596 nxsIO32 (f77e1270169604c87da56038dce99603) C:\WINDOWS\System32\DRIVERS\nxsIO32.sys

13:59:42.0234 0596 nxsIO32 ( UnsignedFile.Multi.Generic ) - warning

13:59:42.0234 0596 nxsIO32 - detected UnsignedFile.Multi.Generic (1)

13:59:42.0281 0596 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:59:42.0296 0596 ose - ok

13:59:42.0328 0596 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

13:59:42.0468 0596 Parport - ok

13:59:42.0500 0596 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

13:59:42.0625 0596 PartMgr - ok

13:59:42.0656 0596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:59:42.0812 0596 ParVdm - ok

13:59:42.0843 0596 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

13:59:42.0875 0596 pccsmcfd - ok

13:59:42.0890 0596 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

13:59:43.0000 0596 PCI - ok

13:59:43.0015 0596 PCIDump - ok

13:59:43.0031 0596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

13:59:43.0187 0596 PCIIde - ok

13:59:43.0203 0596 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:59:43.0343 0596 Pcmcia - ok

13:59:43.0359 0596 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

13:59:43.0406 0596 pcouffin ( UnsignedFile.Multi.Generic ) - warning

13:59:43.0406 0596 pcouffin - detected UnsignedFile.Multi.Generic (1)

13:59:43.0406 0596 PDCOMP - ok

13:59:43.0421 0596 PDFRAME - ok

13:59:43.0437 0596 PDRELI - ok

13:59:43.0437 0596 PDRFRAME - ok

13:59:43.0453 0596 perc2 - ok

13:59:43.0453 0596 perc2hib - ok

13:59:43.0500 0596 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys

13:59:43.0515 0596 pfc ( UnsignedFile.Multi.Generic ) - warning

13:59:43.0515 0596 pfc - detected UnsignedFile.Multi.Generic (1)

13:59:43.0531 0596 PlugPlay (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe

13:59:43.0609 0596 PlugPlay - ok

13:59:43.0609 0596 Pml Driver HPZ12 - ok

13:59:43.0640 0596 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\WINDOWS\system32\PnkBstrA.exe

13:59:43.0656 0596 PnkBstrA - ok

13:59:43.0671 0596 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

13:59:43.0781 0596 PolicyAgent - ok

13:59:43.0859 0596 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:59:44.0000 0596 PptpMiniport - ok

13:59:44.0015 0596 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

13:59:44.0109 0596 ProtectedStorage - ok

13:59:44.0125 0596 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

13:59:44.0265 0596 PSched - ok

13:59:44.0328 0596 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

13:59:44.0328 0596 PSI_SVC_2 - ok

13:59:44.0343 0596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:59:44.0484 0596 Ptilink - ok

13:59:44.0515 0596 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:59:44.0515 0596 PxHelp20 - ok

13:59:44.0515 0596 ql1080 - ok

13:59:44.0531 0596 Ql10wnt - ok

13:59:44.0546 0596 ql12160 - ok

13:59:44.0546 0596 ql1240 - ok

13:59:44.0562 0596 ql1280 - ok

13:59:44.0578 0596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:59:44.0734 0596 RasAcd - ok

13:59:44.0765 0596 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll

13:59:44.0875 0596 RasAuto - ok

13:59:44.0906 0596 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

13:59:44.0984 0596 Rasirda - ok

13:59:45.0000 0596 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:59:45.0140 0596 Rasl2tp - ok

13:59:45.0156 0596 RasMan (ed5e89dedb0111e2869cb37d62b46c7a) C:\WINDOWS\System32\rasmans.dll

13:59:45.0656 0596 RasMan - ok

13:59:45.0671 0596 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:59:45.0796 0596 RasPppoe - ok

13:59:45.0812 0596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:59:45.0968 0596 Raspti - ok

13:59:45.0984 0596 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:59:46.0484 0596 Rdbss - ok

13:59:46.0500 0596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:59:46.0656 0596 RDPCDD - ok

13:59:46.0671 0596 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:59:46.0812 0596 rdpdr - ok

13:59:46.0843 0596 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys

13:59:47.0312 0596 RDPWD - ok

13:59:47.0328 0596 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe

13:59:47.0453 0596 RDSessMgr - ok

13:59:47.0468 0596 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:59:47.0609 0596 redbook - ok

13:59:47.0625 0596 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll

13:59:47.0765 0596 RemoteAccess - ok

13:59:47.0781 0596 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll

13:59:47.0906 0596 RemoteRegistry - ok

13:59:47.0968 0596 RichVideo (bd517c7fb119997effbe39d5e4b37b05) C:\Program Files\CyberLink\Shared files\RichVideo.exe

13:59:47.0968 0596 RichVideo ( UnsignedFile.Multi.Generic ) - warning

13:59:47.0968 0596 RichVideo - detected UnsignedFile.Multi.Generic (1)

13:59:48.0015 0596 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

13:59:48.0156 0596 ROOTMODEM - ok

13:59:48.0187 0596 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe

13:59:48.0296 0596 RpcLocator - ok

13:59:48.0328 0596 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll

13:59:48.0390 0596 RpcSs - ok

13:59:48.0421 0596 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys

13:59:48.0437 0596 RsFx0102 - ok

13:59:48.0500 0596 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys

13:59:48.0984 0596 rspndr - ok

13:59:49.0000 0596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

13:59:49.0125 0596 RSVP - ok

13:59:49.0156 0596 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

13:59:49.0218 0596 RTLE8023xp - ok

13:59:49.0234 0596 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

13:59:49.0328 0596 SamSs - ok

13:59:49.0343 0596 SANDRA - ok

13:59:49.0375 0596 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

13:59:49.0421 0596 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning

13:59:49.0421 0596 SASDIFSV - detected UnsignedFile.Multi.Generic (1)

13:59:49.0421 0596 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

13:59:49.0453 0596 SASENUM ( UnsignedFile.Multi.Generic ) - warning

13:59:49.0453 0596 SASENUM - detected UnsignedFile.Multi.Generic (1)

13:59:49.0484 0596 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

13:59:49.0500 0596 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning

13:59:49.0500 0596 SASKUTIL - detected UnsignedFile.Multi.Generic (1)

13:59:49.0531 0596 SAVRKBootTasks (0aef47e0a6b0cba8c9833d55298b2791) C:\WINDOWS\system32\SAVRKBootTasks.sys

13:59:49.0546 0596 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - warning

13:59:49.0546 0596 SAVRKBootTasks - detected UnsignedFile.Multi.Generic (1)

13:59:49.0562 0596 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe

13:59:49.0671 0596 SCardSvr - ok

13:59:49.0718 0596 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll

13:59:49.0828 0596 Schedule - ok

13:59:49.0859 0596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:59:50.0312 0596 Secdrv - ok

13:59:50.0343 0596 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll

13:59:50.0453 0596 seclogon - ok

13:59:50.0468 0596 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll

13:59:50.0562 0596 SENS - ok

13:59:50.0578 0596 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:59:50.0718 0596 serenum - ok

13:59:50.0734 0596 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

13:59:50.0875 0596 Serial - ok

13:59:50.0906 0596 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

13:59:50.0968 0596 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

13:59:50.0968 0596 ServiceLayer - detected UnsignedFile.Multi.Generic (1)

13:59:51.0015 0596 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys

13:59:51.0015 0596 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning

13:59:51.0015 0596 sfdrv01 - detected UnsignedFile.Multi.Generic (1)

13:59:51.0046 0596 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys

13:59:51.0062 0596 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning

13:59:51.0062 0596 sfhlp02 - detected UnsignedFile.Multi.Generic (1)

13:59:51.0078 0596 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:59:51.0218 0596 Sfloppy - ok

13:59:51.0218 0596 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys

13:59:51.0234 0596 sfsync04 ( UnsignedFile.Multi.Generic ) - warning

13:59:51.0234 0596 sfsync04 - detected UnsignedFile.Multi.Generic (1)

13:59:51.0250 0596 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys

13:59:51.0250 0596 sfvfs02 ( UnsignedFile.Multi.Generic ) - warning

13:59:51.0250 0596 sfvfs02 - detected UnsignedFile.Multi.Generic (1)

13:59:51.0281 0596 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll

13:59:51.0406 0596 SharedAccess - ok

13:59:51.0421 0596 ShellHWDetection (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll

13:59:51.0937 0596 ShellHWDetection - ok

13:59:51.0953 0596 Simbad - ok

13:59:51.0968 0596 Sparrow - ok

13:59:51.0984 0596 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys

13:59:51.0984 0596 speedfan ( UnsignedFile.Multi.Generic ) - warning

13:59:51.0984 0596 speedfan - detected UnsignedFile.Multi.Generic (1)

13:59:52.0031 0596 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys

13:59:52.0515 0596 splitter - ok

13:59:52.0578 0596 Spooler (ad3d9d191aea7b5445fe1d82ffbb4788) C:\WINDOWS\system32\spoolsv.exe

13:59:53.0078 0596 Spooler - ok

13:59:53.0125 0596 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys

13:59:53.0125 0596 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329

13:59:53.0125 0596 sptd ( LockedFile.Multi.Generic ) - warning

13:59:53.0125 0596 sptd - detected LockedFile.Multi.Generic (1)

13:59:53.0203 0596 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

13:59:53.0234 0596 SQLAgent$SQLEXPRESS - ok

13:59:53.0265 0596 SQLBrowser (99de6acfa5ca83fad6a765c81c6f129f) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

13:59:53.0281 0596 SQLBrowser - ok

13:59:53.0312 0596 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

13:59:53.0312 0596 SQLWriter - ok

13:59:53.0328 0596 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

13:59:53.0468 0596 sr - ok

13:59:53.0484 0596 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll

13:59:53.0593 0596 srservice - ok

13:59:53.0625 0596 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys

13:59:53.0687 0596 Srv - ok

13:59:53.0718 0596 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

13:59:53.0781 0596 sscdbus - ok

13:59:53.0796 0596 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

13:59:53.0859 0596 sscdmdfl - ok

13:59:53.0875 0596 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

13:59:53.0937 0596 sscdmdm - ok

13:59:53.0953 0596 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll

13:59:54.0078 0596 SSDPSRV - ok

13:59:54.0109 0596 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys

13:59:54.0156 0596 ss_bus - ok

13:59:54.0187 0596 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys

13:59:54.0250 0596 ss_mdfl - ok

13:59:54.0265 0596 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

13:59:54.0296 0596 ss_mdm - ok

13:59:54.0328 0596 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

13:59:54.0328 0596 StarOpen ( UnsignedFile.Multi.Generic ) - warning

13:59:54.0328 0596 StarOpen - detected UnsignedFile.Multi.Generic (1)

13:59:54.0343 0596 Steam Client Service - ok

13:59:54.0375 0596 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys

13:59:54.0453 0596 STIrUsb - ok

13:59:54.0484 0596 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll

13:59:54.0968 0596 stisvc - ok

13:59:55.0062 0596 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:59:55.0187 0596 swenum - ok

13:59:55.0218 0596 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

13:59:55.0375 0596 swmidi - ok

13:59:55.0375 0596 SwPrv - ok

13:59:55.0390 0596 symc810 - ok

13:59:55.0390 0596 symc8xx - ok

13:59:55.0406 0596 sym_hi - ok

13:59:55.0421 0596 sym_u3 - ok

13:59:55.0453 0596 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\WINDOWS\system32\drivers\SynasUSB.sys

13:59:55.0484 0596 SynasUSB ( UnsignedFile.Multi.Generic ) - warning

13:59:55.0484 0596 SynasUSB - detected UnsignedFile.Multi.Generic (1)

13:59:55.0500 0596 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

13:59:55.0609 0596 sysaudio - ok

13:59:55.0640 0596 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe

13:59:55.0750 0596 SysmonLog - ok

13:59:55.0781 0596 TapiSrv (1418a3a6e76e5a2e3f5e43866e793a8b) C:\WINDOWS\System32\tapisrv.dll

13:59:56.0281 0596 TapiSrv - ok

13:59:56.0312 0596 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:59:56.0406 0596 Tcpip - ok

13:59:56.0437 0596 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:59:56.0562 0596 TDPIPE - ok

13:59:56.0578 0596 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

13:59:56.0718 0596 TDTCP - ok

13:59:56.0734 0596 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:59:56.0875 0596 TermDD - ok

13:59:56.0906 0596 TermService (c29a5286e64d97385178452d5f307b98) C:\WINDOWS\System32\termsrv.dll

13:59:57.0390 0596 TermService - ok

13:59:57.0421 0596 Themes (53d9184a21c5cbf600d918e51ef3a7e5) C:\WINDOWS\System32\shsvcs.dll

13:59:57.0921 0596 Themes - ok

13:59:57.0937 0596 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe

13:59:58.0046 0596 TlntSvr - ok

13:59:58.0062 0596 TosIde - ok

13:59:58.0078 0596 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll

13:59:58.0187 0596 TrkWks - ok

13:59:58.0203 0596 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

13:59:58.0328 0596 Udfs - ok

13:59:58.0390 0596 UleadBurningHelper (45dc49296c70bc7990863aca79b7d907) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

13:59:58.0406 0596 UleadBurningHelper - ok

13:59:58.0406 0596 ultra - ok

13:59:58.0437 0596 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys

13:59:58.0921 0596 Update - ok

13:59:58.0953 0596 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll

13:59:59.0484 0596 upnphost - ok

13:59:59.0484 0596 upperdev - ok

13:59:59.0500 0596 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe

13:59:59.0625 0596 UPS - ok

13:59:59.0656 0596 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:59:59.0781 0596 usbccgp - ok

13:59:59.0796 0596 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:00:00.0265 0596 usbehci - ok

14:00:00.0281 0596 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:00:00.0812 0596 usbhub - ok

14:00:00.0875 0596 usbohci (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys

14:00:01.0359 0596 usbohci - ok

14:00:01.0406 0596 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:00:01.0531 0596 usbprint - ok

14:00:01.0562 0596 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:00:01.0687 0596 usbscan - ok

14:00:01.0718 0596 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys

14:00:01.0859 0596 usbser - ok

14:00:01.0875 0596 UsbserFilt - ok

14:00:01.0906 0596 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:00:02.0031 0596 USBSTOR - ok

14:00:02.0093 0596 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe

14:00:02.0109 0596 usnjsvc - ok

14:00:02.0125 0596 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys

14:00:02.0140 0596 VComm - ok

14:00:02.0156 0596 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys

14:00:02.0171 0596 VcommMgr - ok

14:00:02.0203 0596 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

14:00:02.0328 0596 VgaSave - ok

14:00:02.0328 0596 ViaIde - ok

14:00:02.0359 0596 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\WINDOWS\system32\Drivers\vmm.sys

14:00:02.0390 0596 vmm - ok

14:00:02.0406 0596 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

14:00:02.0531 0596 VolSnap - ok

14:00:02.0562 0596 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys

14:00:02.0593 0596 VPCNetS2 - ok

14:00:02.0593 0596 vsc32 - ok

14:00:02.0625 0596 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe

14:00:02.0765 0596 VSS - ok

14:00:02.0781 0596 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll

14:00:02.0890 0596 W32Time - ok

14:00:02.0921 0596 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:00:03.0046 0596 Wanarp - ok

14:00:03.0078 0596 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

14:00:03.0125 0596 Wdf01000 - ok

14:00:03.0140 0596 WDICA - ok

14:00:03.0171 0596 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys

14:00:03.0640 0596 wdmaud - ok

14:00:03.0656 0596 WebClient (346e7d636adfe4e3b1b32af8326220ff) C:\WINDOWS\System32\webclnt.dll

14:00:04.0125 0596 WebClient - ok

14:00:04.0187 0596 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll

14:00:04.0296 0596 winmgmt - ok

14:00:04.0343 0596 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe

14:00:04.0375 0596 WLSetupSvc - ok

14:00:04.0437 0596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

14:00:04.0484 0596 WmdmPmSN - ok

14:00:04.0531 0596 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\WINDOWS\System32\advapi32.dll

14:00:04.0593 0596 Wmi - ok

14:00:04.0625 0596 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

14:00:04.0750 0596 WmiApSrv - ok

14:00:04.0859 0596 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

14:00:04.0875 0596 WpdUsb - ok

14:00:04.0984 0596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:00:05.0062 0596 WPFFontCache_v0400 - ok

14:00:05.0093 0596 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

14:00:05.0265 0596 WS2IFSL - ok

14:00:05.0296 0596 wscsvc (478995b4555958e52388496618d9c678) C:\WINDOWS\system32\wscsvc.dll

14:00:05.0781 0596 wscsvc - ok

14:00:05.0828 0596 wuauserv (b72508649dad03bcb5d708edb1e3e57e) C:\WINDOWS\system32\wuauserv.dll

14:00:05.0828 0596 wuauserv - ok

14:00:05.0859 0596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:00:05.0890 0596 WudfPf - ok

14:00:05.0921 0596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:00:05.0937 0596 WudfRd - ok

14:00:05.0953 0596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

14:00:05.0984 0596 WudfSvc - ok

14:00:06.0000 0596 WZCSVC (b1f190a2bf52b8f4601c677f475ce5e5) C:\WINDOWS\System32\wzcsvc.dll

14:00:06.0484 0596 WZCSVC - ok

14:00:06.0515 0596 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll

14:00:06.0765 0596 xmlprov - ok

14:00:06.0843 0596 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

14:00:06.0890 0596 YahooAUService - ok

14:00:07.0046 0596 zlportio - ok

14:00:07.0093 0596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:00:07.0484 0596 \Device\Harddisk0\DR0 - ok

14:00:07.0500 0596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

14:00:07.0609 0596 \Device\Harddisk1\DR1 - ok

14:00:07.0609 0596 Boot (0x1200) (f080bfb11453d9239f44d8d11d9c9930) \Device\Harddisk0\DR0\Partition0

14:00:07.0609 0596 \Device\Harddisk0\DR0\Partition0 - ok

14:00:07.0625 0596 Boot (0x1200) (431936025c5368b7cb95fc68f3e828a6) \Device\Harddisk0\DR0\Partition1

14:00:07.0625 0596 \Device\Harddisk0\DR0\Partition1 - ok

14:00:07.0640 0596 Boot (0x1200) (61b9a9bef0afb031df34ff25c480574b) \Device\Harddisk1\DR1\Partition0

14:00:07.0640 0596 \Device\Harddisk1\DR1\Partition0 - ok

14:00:07.0656 0596 Boot (0x1200) (bde42611e843c716384ec8a064bf457e) \Device\Harddisk1\DR1\Partition1

14:00:07.0671 0596 \Device\Harddisk1\DR1\Partition1 - ok

14:00:07.0687 0596 Boot (0x1200) (c6bfb3efae585498776d12724c5dd66e) \Device\Harddisk1\DR1\Partition2

14:00:07.0687 0596 \Device\Harddisk1\DR1\Partition2 - ok

14:00:07.0687 0596 ============================================================

14:00:07.0687 0596 Scan finished

14:00:07.0687 0596 ============================================================

14:00:07.0796 2424 Detected object count: 35

14:00:07.0796 2424 Actual detected object count: 35

14:02:11.0453 2424 ACS ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0453 2424 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0453 2424 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0453 2424 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 Amfilter ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 Amfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 Amusbprt ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 Amusbprt ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0468 2424 ASNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0468 2424 ASNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 FreshIO ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 FreshIO ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 giveio ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 ham50 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 ham50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0484 2424 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0484 2424 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 nxsIO32 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 nxsIO32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0500 2424 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0500 2424 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 SAVRKBootTasks ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 sfsync04 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 sfsync04 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 sfvfs02 ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 sfvfs02 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 speedfan ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0515 2424 sptd ( LockedFile.Multi.Generic ) - skipped by user

14:02:11.0515 2424 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

14:02:11.0531 2424 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0531 2424 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:11.0531 2424 SynasUSB ( UnsignedFile.Multi.Generic ) - skipped by user

14:02:11.0531 2424 SynasUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:02:51.0125 2292 Deinitialize success

--------------------------------------------------------------------------------------------------------------------

Mbam log:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.04.14.04

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

User :: MOBILE [administrator]

Protection: Enabled

15.4.2012 14:04:34

mbam-log-2012-04-15 (14-04-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210424

Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

--------------------------------------------------------------------------------------------------------------------

dds log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14

Run by User at 14:17:30 on 2012-04-15

Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.994 [GMT 2:00]

.

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

svchost.exe

C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\TP-LINK\TWCU\TWCU.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Free Desktop Clock\DesktopClock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.rs/

uSearch Page =

uSearch Bar =

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

mSearchAssistant =

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C11483F7-D7D8-4804-98D8-6055470BB989} - No File

TB: {8C550565-107B-4FEE-B2CC-9B6B12CE53F6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [skinClock] c:\program files\free desktop clock\DesktopClock.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui

mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1

mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [bonus.SSR.FR10] "c:\program files\abbyy finereader 10\Bonus.ScreenshotReader.exe" /autorun

mRun: [smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} - hxxp://pcpitstop.com/antivirus/PitPav.cab

TCP: DhcpNameServer = 82.117.194.2 82.117.194.3

TCP: Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A} : DhcpNameServer = 82.117.194.2 82.117.194.3

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 c:\windows\system32\fccdaAtt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/

FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\dm5592b1.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\opera\program\plugins\NPEvery.dll

FF - plugin: c:\program files\opera\program\plugins\NPExpFTP.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\windows\system32\npmirage.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\npwmsdrm.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-18 218688]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 74480]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-7-2 18816]

R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]

R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-27 652872]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-10-7 2208]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-10-6 454815]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-27 20464]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca146cd430540;Услуга Google Update (gupdate1ca146cd430540);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]

S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\locals~1\temp\alsysio.sys --> c:\docume~1\user\locals~1\temp\ALSysIO.sys [?]

S3 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys --> c:\windows\system32\drivers\AmdTools.sys [?]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2007-5-14 14336]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\locals~1\temp\yfh31bf.tmp --> c:\docume~1\user\locals~1\temp\YFH31BF.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-5-19 100480]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-7-28 18432]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\windows live\messenger\usnsvc.exe [2007-10-18 98328]

S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys --> c:\windows\system32\drivers\vsc.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 zlportio;zlportio;\??\d:\igrice\ultrastar deluxe\zlportio.sys --> d:\igrice\ultrastar deluxe\zlportio.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

.

=============== File Associations ===============

.

.reg=Regedit.Document

.

=============== Created Last 30 ================

.

2012-04-14 16:35:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-14 16:14:07 1409 ----a-w- c:\windows\QTFont.for

2012-04-05 20:39:15 -------- d-----w- c:\program files\Freemake

2012-03-25 21:36:11 -------- d-----w- c:\program files\Smart File Advisor

2012-03-24 14:37:21 -------- d-----w- c:\program files\PITCH

2012-03-21 18:29:22 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-21 18:29:22 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-19 20:21:19 -------- d-----w- c:\program files\SopCast

.

==================== Find3M ====================

.

2011-03-23 14:05:20 92281056 --sh--w- c:\windows\setupa.exe

2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll

2010-01-06 22:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

============= FINISH: 14:18:29,40 ===============

--------------------------------------------------------------------------------------------------------------------

Thanks for the fast answer, and again, I apologize for the misunderstanding.

All the best :)

Dejan


It is okay, Dejan! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi!

ComboFix finished its job, and after the restart Anti-Malware gave me the same warning about the blocked IP.

I tried to leave the log file here, but from my PC it is impossible - I tried, but replying doesn't work in any browser...

I have no idea what happened...

I took my neighbour's laptop and I will try to do it from here.

ComboFix 12-04-16.01 - User 16.04.2012 21:12:23.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.2047.1168 [GMT 2:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\All Users\Application Data\xml11.tmp

c:\documents and settings\All Users\Application Data\xml2BD.tmp

c:\documents and settings\All Users\Application Data\xml2C2.tmp

c:\documents and settings\All Users\Application Data\xml5AF.tmp

c:\documents and settings\All Users\Application Data\xml5B4.tmp

c:\documents and settings\All Users\Application Data\xml5B8.tmp

c:\documents and settings\All Users\Application Data\xml715.tmp

c:\documents and settings\All Users\Application Data\xml716.tmp

c:\documents and settings\All Users\Application Data\xml717.tmp

c:\documents and settings\All Users\Application Data\xml718.tmp

c:\documents and settings\All Users\Application Data\xml719.tmp

c:\documents and settings\All Users\Application Data\xml71A.tmp

c:\documents and settings\All Users\Application Data\xml71F.tmp

c:\documents and settings\All Users\Application Data\xml720.tmp

c:\documents and settings\All Users\Application Data\xml721.tmp

c:\documents and settings\All Users\Application Data\xml725.tmp

c:\documents and settings\All Users\Application Data\xml726.tmp

c:\documents and settings\All Users\Application Data\xml727.tmp

c:\documents and settings\All Users\Application Data\xml869.tmp

c:\documents and settings\User\Application Data\.#

c:\documents and settings\User\Application Data\bsplayer_pro251.1022.exe

c:\documents and settings\User\Application Data\DVDSubEditLastFile0.txt

c:\documents and settings\User\Application Data\DVDSubEditLastFile1.txt

c:\documents and settings\User\Application Data\FFSJ

c:\documents and settings\User\Application Data\FFSJ\FFSJ.cfg

c:\documents and settings\User\Application Data\Toolbar4

c:\documents and settings\User\Local Settings\~GLH000b.TMP

c:\documents and settings\User\Local Settings\Application Data\ConduitInstaller.exe

c:\documents and settings\User\My Documents\~WRL2799.tmp

c:\documents and settings\User\My Documents\Readiris.DUS

c:\documents and settings\User\WINDOWS

C:\LOG430.tmp

C:\Win

c:\windows\system32\8A719877A1.dll

c:\windows\system32\tmp1408.tmp

c:\windows\system32\tmp1409.tmp

c:\windows\system32\tmp887.tmp

c:\windows\system32\tmp888.tmp

c:\windows\XSxS

c:\windows\ZIPDLL.DLL

H:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))

.

.

2012-04-15 16:30 . 2012-04-15 16:30 -------- d-----w- c:\program files\Perfect Uninstaller

2012-04-14 16:35 . 2012-04-14 16:35 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-14 16:14 . 2012-04-14 16:14 1409 ----a-w- c:\windows\QTFont.for

2012-04-05 20:39 . 2012-04-05 20:39 -------- d-----w- c:\program files\Freemake

2012-03-25 21:36 . 2012-03-25 21:36 -------- d-----w- c:\program files\Smart File Advisor

2012-03-25 21:36 . 2012-03-25 21:36 -------- d-----w- c:\program files\Smart Projects

2012-03-25 01:51 . 2012-04-16 11:57 -------- d-----w- c:\documents and settings\User\Application Data\vlc

2012-03-24 14:37 . 2012-03-24 14:37 -------- d-----w- c:\program files\PITCH

2012-03-21 18:29 . 2012-03-21 18:29 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-21 18:29 . 2012-03-21 18:29 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-19 20:21 . 2012-03-19 20:21 -------- d-----w- c:\program files\SopCast

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-21 18:29 . 2011-11-15 18:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-23 14:05 92281056 --sh--w- c:\windows\setupa.exe

2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll

2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"SkinClock"="c:\program files\Free Desktop Clock\DesktopClock.exe" [2010-11-21 1113600]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"Steam"="c:\program files\Steam\Steam.exe" [2011-11-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-01 273544]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-09-23 941320]

"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 24576]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-09 12:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^The Matrix_ Path of Neo Registration.lnk]

path=c:\documents and settings\User\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk

backup=c:\windows\pss\The Matrix_ Path of Neo Registration.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2008-07-22 11:53 77824 -c--a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"d:\\IGRICE\\Valve\\hl.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\ECR Tool\\ECRSrvAPI.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"d:\\IGRICE\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"d:\\IGRICE\\Midway Home Entertainment\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"d:\\IGRICE\\Valve\\hltv.exe"=

"d:\\IGRICE\\Valve\\hlds.exe"=

"c:\\Program Files\\Garena\\Garena.exe"=

"d:\\IGRICE\\Warcraft III\\Warcraft III.exe"=

"d:\\IGRICE\\Warcraft III\\War3.exe"=

"d:\\IGRICE\\Farkle\\farkle.exe"=

"d:\\IGRICE\\EA GAMES\\MOHAA\\MOHAA.exe"=

"d:\\IGRICE\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=

"d:\\IGRICE\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=

"h:\\IGRICE\\2K Sports\\NBA 2K10\\nba2k10.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

"h:\\IGRICE\\Encore\\Hoyle Card Games 2009\\Hoyle Card Games.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"h:\\IGRICE\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"h:\\IGRICE\\League of Legends\\Air\\LolClient.exe"=

"h:\\IGRICE\\League of Legends\\Game\\League of Legends.exe"=

"h:\\IGRICE\\Empire of Sports\\EmpireOfSports.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"h:\\IGRICE\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=

"h:\\IGRICE\\NeutronGames\\HC Trainingscamp\\HCTrainingscamp.exe"=

"h:\\IGRICE\\NeutronGames\\HC Trainingscamp\\updater\\Updater.exe"=

"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

"h:\\IGRICE\\2K Sports\\NBA 2K11\\nba2k11.exe"=

"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2011\\JSL-2011.exe"=

"h:\\IGRICE\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"h:\\IGRICE\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"c:\program files\Security Task Manager\TaskMan.exe"= c:\program files\Security Task Manager\TaskMan.exe:192.168.111.200/255.255.255.255:Enabled:Security Task Manager

"h:\\IGRICE\\Yu Gi Oh PoC Joey the Passion\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=

"c:\\Documents and Settings\\User\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=

"h:\\IGRICE\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"h:\\IGRICE\\2K Sports\\NBA 2K12\\nba2k12.exe"=

"c:\\Program Files\\Winamp\\winamp.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12799:TCP"= 12799:TCP:BitTorrent port

"57220:TCP"= 57220:TCP:Pando Media Booster

"57220:UDP"= 57220:UDP:Pando Media Booster

"8394:TCP"= 8394:TCP:League of Legends Launcher

"8394:UDP"= 8394:UDP:League of Legends Launcher

"6994:TCP"= 6994:TCP:League of Legends Launcher

"6994:UDP"= 6994:UDP:League of Legends Launcher

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2007 17:21 685816]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18.2.2011 16:12 218688]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 10:33 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 74480]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2.7.2011 4:38 18816]

R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.7.2007 9:45 328824]

R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.7.2007 10:20 201848]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.1.2011 16:41 810144]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.4.2011 0:52 652872]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [7.10.2007 5:23 2208]

R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [6.10.2007 2:09 454815]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.4.2011 0:52 20464]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9.6.2009 0:13 47360]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]

S2 gupdate1ca146cd430540;ÓńëÓăŕ Google Update (gupdate1ca146cd430540);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 20:56 133104]

S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?]

S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [14.5.2007 23:40 14336]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp --> c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.8.2009 20:56 133104]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [19.5.2011 19:57 100480]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1151.tmp --> c:\windows\system32\1151.tmp [?]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [28.7.2011 16:08 18432]

S3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys --> c:\windows\system32\DRIVERS\vsc.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

S3 zlportio;zlportio;\??\d:\igrice\UltraStar Deluxe\zlportio.sys --> d:\igrice\UltraStar Deluxe\zlportio.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-28 00:50]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 18:55]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 18:55]

.

2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 21:18]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 21:18]

.

2012-02-24 c:\windows\Tasks\photostageShakeIcon.job

- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-02-18 00:39]

.

2012-04-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

2012-04-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.rs/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

TCP: DhcpNameServer = 82.117.194.2 82.117.194.3

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/

FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

.reg=Regedit.Document

.

- - - - ORPHANS REMOVED - - - -

.

Notify-WgaLogon - (no file)

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

MSConfigStartUp-UpdateReminder - c:\program files\Eset\UpdateReminder.exe

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

AddRemove-Falling In Between Screensaver - c:\program files\Toto

AddRemove-HijackThis - f:\arhiva stari kompjuter\A L A T I\hijackthis_199\HijackThis.exe

AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE

AddRemove-Napoleon_is1 - h:\igrice\Napoleon\unins000.exe

AddRemove-Pandora's Box 1.0 - c:\program files\Microsoft Games\Pandora's Box\setup

AddRemove-PRIMATRON - Multimedijalni kurs za Excel - c:\primatron\Multimedijalni kurs za Excel\Uklanjanje\Uklanjanje.exe

AddRemove-StyleXP - c:\program files\TGTSoft\StyleXP\StyleXP-uninstall.exe

AddRemove-Testovi Srpski - h:\testovi srpski\Uninstal.exe

AddRemove-vis_milk.dllWinamp - c:\program files\Winamp\uninst-vis_milk.dll.exe

AddRemove-{13C85860-61FD-4110-892F-1EF2A80F066B}_is1 - h:\zip password recovery\unins000.exe

AddRemove-{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk - c:\program files\Google\Google Talk\uninstall.exe

AddRemove-{6A1DC8D4-9FA4-43C3-00B3-5993B4BBE7D4} - h:\igrice\FIFA 2003 { Pc Game } Full version\EAUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-16 21:27

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\User\LOCALS~1\Temp\YFH31BF.tmp"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\1151.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1612)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(2084)

c:\program files\CyberLink\PowerDVD\deskband.dll

c:\program files\Free Desktop Clock\Clock.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Microsoft Virtual PC\VPCShExH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\browselc.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\acs.exe

c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\RTHDCPL.EXE

c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2012-04-16 21:35:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-16 19:35

.

Pre-Run: 3.343.396.864 bytes free

Post-Run: 3.364.167.680 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - E2117EF37A3540C18D84C09832DC5F9E


It seems I can reply from neighbor's PC, but not from mine (just the same cable connection to internet).

I tried to open sites which I couldn't open before. No success.

I really don't know what's going on.

Is it possible that ComboFix did something so I can't leave posts here anymore?


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


OK. I will post the EsetOnlineScanner's log file here.

Thank you very much.


P.S. I succeeded in posting the last reply using my own PC. Strange :)


Eset Scanner finished its job.

Here is log file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b152f9db6c0671488130b1b770d0fc60

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-17 02:40:30

# local_time=2012-04-17 04:40:30 (+0100, Central Europe Daylight Time)

# country="Serbia and Montenegro"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=8201 39157077 100 100 18280 39773356 0 0

# scanned=653505

# found=5

# cleaned=5

# scan_time=17522

# nod_component=V3 Build:0x30000000

C:\Documents and Settings\User\Desktop\Eset_Login_Viewer_v1.4\Eset Login Viewer v1.4.exe Win32/RiskWare.HackAV.FI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\NEW DOWNLOADS 5\Portable Flash4D v5.1 Pro Edition\Portable Flash4D v5.1 Pro Edition\Flash4D v5 - Flash Intro Builder.exe probably a variant of Win32/Agent.LWMQUCE trojan (deleted - quarantined) 00000000000000000000000000000000 C

D:\VJ\VJ\Virtually Jenna v2.029.002.exe probably a variant of Win32/Agent.DLCXJGL trojan (deleted - quarantined) 00000000000000000000000000000000 C

H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

PC is in same state - after restart I got the same warning from M.Anti-Malware, and I cannot get to same sites...

I couldn't post this by my PC, I again have problem to reply here...

Any ideas?

Thanks in advance :)


Additional info - I can ping those sites which I cannot reach by browsers.

I reinstalled mozilla, but no difference...

I have no idea what is blocking my surfing...


One question... Do you think I could 'move' my PC to normal (previous) state by using restore points?

Funny thing is that it seems Eset (NOD32) deleted old restore points so I now have just 12, 13, 14, 15 and 16th April available...

I have noticed that problem about 3 days ago, so...

Also, maybe Hijack This log will help....

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:09:04, on 17.4.2012

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\TP-LINK\TWCU\TWCU.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Free Desktop Clock\DesktopClock.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\HostsMan\hm.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui

O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [bonus.SSR.FR10] "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun

O4 - HKLM\..\Run: [smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ÓńëÓăŕ Google Update (gupdate1ca146cd430540) (gupdate1ca146cd430540) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 12351 bytes

Bye

I reinstalled mozilla, but no difference...

Don't make any changes to your system without my instructions. I can't control the whole cleaning process when you don't let me.

Do you think I could 'move' my PC to normal (previous) state by using restore points?

This is not a complete solution - no.

Funny thing is that it seems Eset (NOD32) deleted old restore points so I now have just 12, 13, 14 15 and 16th April available...

There is nothing funny about it. The restore points were infected and NOD32 has prevented a return to them.

Also, maybe Hijack This log will help....

Don't run anything without my instructions.

Do not cause problems with downloading pirated software.

C:\Documents and Settings\User\Desktop\Eset_Login_Viewer_v1.4\Eset Login Viewer v1.4.exe Win32/RiskWare.HackAV.FI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

If you don't want to buy NOD32 antivirus software, there are enough free alternatives that are also very good options. If you want, let me know.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


MiniToolBox by Farbar  Version: 18-01-2012
Ran by User (administrator) on 17-04-2012 at 17:45:29
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

<div>========================= IP Configuration: ================================</div>

<div> </div>

<div>Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)</div>

<div>Bluetooth PAN Network Adapter = Local Area Connection 2 (Media disconnected)</div>

<div> </div>

<div> </div>

<div># ---------------------------------- </div>

<div># Interface IP Configuration         </div>

<div># ---------------------------------- </div>

<div>pushd interface ip</div>

<div> </div>

<div> </div>

<div># Interface IP Configuration for "Local Area Connection 2"</div>

<div> </div>

<div>set address name="Local Area Connection 2" source=dhcp </div>

<div>set dns name="Local Area Connection 2" source=dhcp register=PRIMARY</div>

<div>set wins name="Local Area Connection 2" source=dhcp</div>

<div> </div>

<div># Interface IP Configuration for "Local Area Connection"</div>

<div> </div>

<div>set address name="Local Area Connection" source=dhcp </div>

<div>set dns name="Local Area Connection" source=dhcp register=PRIMARY</div>

<div>set wins name="Local Area Connection" source=dhcp</div>

<div> </div>

<div> </div>

<div>popd</div>

<div># End of interface IP configuration</div>

<div> </div>

<div> </div>

<div> </div>

<div> </div>

<div>Windows IP Configuration</div>

<div> </div>

<div> </div>

<div> </div>

<div>        Host Name . . . . . . . . . . . . : mobile</div>

<div> </div>

<div>        Primary Dns Suffix  . . . . . . . : </div>

<div> </div>

<div>        Node Type . . . . . . . . . . . . : Unknown</div>

<div> </div>

<div>        IP Routing Enabled. . . . . . . . : No</div>

<div> </div>

<div>        WINS Proxy Enabled. . . . . . . . : No</div>

<div> </div>

<div> </div>

<div> </div>

<div>Ethernet adapter Local Area Connection 2:</div>

<div> </div>

<div> </div>

<div> </div>

<div>        Media State . . . . . . . . . . . : Media disconnected</div>

<div> </div>

<div>        Description . . . . . . . . . . . : Bluetooth PAN Network Adapter</div>

<div> </div>

<div>        Physical Address. . . . . . . . . : 10-11-11-11-11-11</div>

<div> </div>

<div> </div>

<div> </div>

<div>Ethernet adapter Local Area Connection:</div>

<div> </div>

<div> </div>

<div> </div>

<div>        Connection-specific DNS Suffix  . : </div>

<div> </div>

<div>        Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC</div>

<div> </div>

<div>        Physical Address. . . . . . . . . : 00-19-DB-CB-D1-5B</div>

<div> </div>

<div>        Dhcp Enabled. . . . . . . . . . . : Yes</div>

<div> </div>

<div>        Autoconfiguration Enabled . . . . : Yes</div>

<div> </div>

<div>        IP Address. . . . . . . . . . . . : 192.168.2.150</div>

<div> </div>

<div>        Subnet Mask . . . . . . . . . . . : 255.255.255.0</div>

<div> </div>

<div>        Default Gateway . . . . . . . . . : 192.168.2.1</div>

<div> </div>

<div>        DHCP Server . . . . . . . . . . . : 192.168.2.1</div>

<div> </div>

<div>        DNS Servers . . . . . . . . . . . : 82.117.194.2</div>

<div> </div>

<div>                                            82.117.194.3</div>

<div> </div>

<div>        Lease Obtained. . . . . . . . . . : 17. април 2012 17:01:54</div>

<div> </div>

<div>        Lease Expires . . . . . . . . . . : 17. април 2012 19:01:54</div>

<div> </div>

<div>Server:  dns1.sbb.rs</div>

<div>Address:  82.117.194.2</div>

<div> </div>

<div>Name:    google.com</div>

<div>Addresses:  74.125.79.101, 74.125.79.102, 74.125.79.113, 74.125.79.138</div>

<div> 74.125.79.139, 74.125.79.100</div>

<div> </div>

<div> </div>

<div> </div>

<div>Pinging google.com [74.125.79.100] with 32 bytes of data:</div>

<div> </div>

<div> </div>

<div> </div>

<div>Reply from 74.125.79.100: bytes=32 time=49ms TTL=51</div>

<div> </div>

<div>Reply from 74.125.79.100: bytes=32 time=115ms TTL=51</div>

<div> </div>

<div> </div>

<div> </div>

<div>Ping statistics for 74.125.79.100:</div>

<div> </div>

<div>    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),</div>

<div> </div>

<div>Approximate round trip times in milli-seconds:</div>

<div> </div>

<div>    Minimum = 49ms, Maximum = 115ms, Average = 82ms</div>

<div> </div>

<div>Server:  dns1.sbb.rs</div>

<div>Address:  82.117.194.2</div>

<div> </div>

<div>Name:    yahoo.com</div>

<div>Addresses:  209.191.122.70, 72.30.38.140, 98.139.183.24</div>

<div> </div>

<div> </div>

<div> </div>

<div>Pinging yahoo.com [98.139.183.24] with 32 bytes of data:</div>

<div> </div>

<div> </div>

<div> </div>

<div>Reply from 98.139.183.24: bytes=32 time=695ms TTL=37</div>

<div> </div>

<div>Reply from 98.139.183.24: bytes=32 time=656ms TTL=37</div>

<div> </div>

<div> </div>

<div> </div>

<div>Ping statistics for 98.139.183.24:</div>

<div> </div>

<div>    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),</div>

<div> </div>

<div>Approximate round trip times in milli-seconds:</div>

<div> </div>

<div>    Minimum = 656ms, Maximum = 695ms, Average = 675ms</div>

<div> </div>

<div>Server:  dns1.sbb.rs</div>

<div>Address:  82.117.194.2</div>

<div> </div>

<div>Name:    bleepingcomputer.com</div>

<div>Address:  208.43.87.2</div>

<div> </div>

<div> </div>

<div> </div>

<div>Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:</div>

<div> </div>

<div> </div>

<div> </div>

<div>Request timed out.</div>

<div> </div>

<div>Request timed out.</div>

<div> </div>

<div> </div>

<div> </div>

<div>Ping statistics for 208.43.87.2:</div>

<div> </div>

<div>    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),</div>

<div> </div>

<div> </div>

<div> </div>

<div>Pinging 127.0.0.1 with 32 bytes of data:</div>

<div> </div>

<div> </div>

<div> </div>

<div>Reply from 127.0.0.1: bytes=32 time<1ms TTL=128</div>

<div> </div>

<div>Reply from 127.0.0.1: bytes=32 time<1ms TTL=128</div>

<div> </div>

<div> </div>

<div> </div>

<div>Ping statistics for 127.0.0.1:</div>

<div> </div>

<div>    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),</div>

<div> </div>

<div>Approximate round trip times in milli-seconds:</div>

<div> </div>

<div>    Minimum = 0ms, Maximum = 0ms, Average = 0ms</div>

<div> </div>

<div>===========================================================================</div>

<div>Interface List</div>

<div>0x1 ........................... MS TCP Loopback interface</div>

<div>0x3 ...10 11 11 11 11 11 ...... Bluetooth PAN Network Adapter - Packet Scheduler Miniport</div>

<div>0x20002 ...00 19 db cb d1 5b ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport</div>

<div>===========================================================================</div>

<div>===========================================================================</div>

<div>Active Routes:</div>

<div>Network Destination        Netmask          Gateway       Interface  Metric</div>

<div>          0.0.0.0          0.0.0.0      192.168.2.1   192.168.2.150      20</div>

<div>        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1</div>

<div>      169.254.0.0      255.255.0.0    192.168.2.150   192.168.2.150      30</div>

<div>      192.168.2.0    255.255.255.0    192.168.2.150   192.168.2.150      20</div>

<div>    192.168.2.150  255.255.255.255        127.0.0.1       127.0.0.1      20</div>

<div>    192.168.2.255  255.255.255.255    192.168.2.150   192.168.2.150      20</div>

<div>        224.0.0.0        240.0.0.0    192.168.2.150   192.168.2.150      20</div>

<div>  255.255.255.255  255.255.255.255    192.168.2.150   192.168.2.150       1</div>

<div>  255.255.255.255  255.255.255.255    192.168.2.150               3       1</div>

<div>Default Gateway:       192.168.2.1</div>

<div>===========================================================================</div>

<div>Persistent Routes:</div>

<div>  None</div>

<div>========================= Winsock entries =====================================</div>

<div> </div>

<div>Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)</div>

<div>Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)</div>

<div>Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)</div>

<div>Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)</div>

<div>Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div>Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)</div>

<div> </div>

<div>========================= Event log errors: ===============================</div>

<div> </div>

<div>Application errors:</div>

<div>==================</div>

<div>Error: (04/17/2012 04:53:58 PM) (Source: MsiInstaller) (User: User)User</div>

<div>Description: Product: ABBYY FineReader 10 Corporate Edition -- ABBYY Licensing Service is unavailable: The RPC server is unavailable.</div>

<div> </div>

<div>Error: (04/15/2012 00:35:56 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>

<div> </div>

<div>Error: (04/14/2012 04:00:19 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>

<div> </div>

<div>Error: (04/14/2012 01:32:26 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>

<div> </div>

<div>Error: (04/14/2012 07:33:09 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>

<div> </div>

<div>Error: (04/14/2012 05:43:10 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>

<div> </div>

<div>Error: (04/13/2012 00:24:18 PM) (Source: Lavasoft Ad-Aware Service) (User: )</div>

<div>Description: Only one instance of service process is allowed.</div>

<div> </div>

<div>Error: (04/12/2012 04:38:29 PM) (Source: crypt32) (User: )</div>

<div>Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.</div>

<div> </div>

<div>Error: (04/11/2012 05:42:04 AM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.</div>

<div> </div>

<div> </div>

<div>System errors:</div>

<div>=============</div>

<div>Error: (04/17/2012 04:27:18 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The following boot-start or system-start driver(s) failed to load: </div>

<div>Lbd</div>

<div> </div>

<div>Error: (04/17/2012 01:46:58 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The following boot-start or system-start driver(s) failed to load: </div>

<div>Lbd</div>

<div> </div>

<div>Error: (04/17/2012 01:46:56 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The NVIDIA Display Driver Service service failed to start due to the following error: </div>

<div>%%1053</div>

<div> </div>

<div>Error: (04/17/2012 01:46:56 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.</div>

<div> </div>

<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>

<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>

<div> </div>

<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>

<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>

<div> </div>

<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>

<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>

<div> </div>

<div>Error: (04/17/2012 05:24:58 AM) (Source: 0) (User: )</div>

<div>Description: 192.168.2.1504C:80:93:5E:86:39</div>

<div> </div>

<div>Error: (04/17/2012 04:53:00 AM) (Source: Service Control Manager) (User: )</div>

<div>Description: The following boot-start or system-start driver(s) failed to load: </div>

<div>Lbd</div>

<div> </div>

<div>Error: (04/16/2012 10:00:59 PM) (Source: Service Control Manager) (User: )</div>

<div>Description: The following boot-start or system-start driver(s) failed to load: </div>

<div>Lbd</div>

<div> </div>

<div> </div>

<div>Microsoft Office Sessions:</div>

<div>=========================</div>

<div>Error: (04/17/2012 04:53:58 PM) (Source: MsiInstaller)(User: User)User</div>

<div>Description: Product: ABBYY FineReader 10 Corporate Edition -- ABBYY Licensing Service is unavailable: The RPC server is unavailable.</div>

<div>(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div>Error: (04/15/2012 00:35:56 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div>Error: (04/14/2012 04:00:19 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div>Error: (04/14/2012 01:32:26 PM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div>Error: (04/14/2012 07:33:09 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div>Error: (04/14/2012 05:43:10 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div>Error: (04/13/2012 00:24:18 PM) (Source: Lavasoft Ad-Aware Service)(User: )</div>

<div>Description: Only one instance of service process is allowed.</div>

<div> </div>

<div>Error: (04/12/2012 04:38:29 PM) (Source: crypt32)(User: )</div>

<div>Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.</div>

<div> </div>

<div>Error: (04/11/2012 05:42:04 AM) (Source: MsiInstaller)(User: SYSTEM)SYSTEM</div>

<div>Description: Product: dj_sf_ProductContext -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)</div>

<div> </div>

<div> </div>

<div>=========================== Installed Programs ============================</div>

<div> </div>

<div>100% Free Rummy 7.30 (Version: 7.30)</div>

<div>18 WoS Extreme Trucker 2 (v.1.0) (Version: 1.0)</div>

<div>1st Free Solitaire 1.7.1 (Version: 1.7.1)</div>

<div>3D Flash Animator 4.9.8.7</div>

<div>3D Live Pool</div>

<div>7-Zip 4.65</div>

<div>7art Antic Clock ©  7art-screensavers.com (Version: 3.1)</div>

<div>Abdio PDF Editor v7.1 (Corporation License) (Version: Abdio PDF Editor)</div>

<div>AC3Filter (remove only)</div>

<div>ACDSee 9 Photo Manager (Version: 9.0.55)</div>

<div>Acoustica CD/DVD Label Maker</div>

<div>Add or Remove Adobe Creative Suite 3 Design Premium (Version: 1.0)</div>

<div>Adobe Anchor Service CS3 (Version: 1.0)</div>

<div>Adobe Asset Services CS3 (Version: 3)</div>

<div>Adobe Bridge 1.0 (Version: 001.000.004)</div>

<div>Adobe Bridge CS3 (Version: 2)</div>

<div>Adobe Bridge Start Meeting (Version: 1.0)</div>

<div>Adobe BridgeTalk Plugin CS3 (Version: 1.0)</div>

<div>Adobe Camera Raw 4.0 (Version: 4.0)</div>

<div>Adobe CMaps (Version: 1.0)</div>

<div>Adobe Color - Photoshop Specific (Version: 1.0)</div>

<div>Adobe Color Common Settings (Version: 1.0.1)</div>

<div>Adobe Color EU Extra Settings (Version: 1.0)</div>

<div>Adobe Color JA Extra Settings (Version: 1.0)</div>

<div>Adobe Color NA Recommended Settings (Version: 1.0)</div>

<div>Adobe Common File Installer (Version: 1.00.0000)</div>

<div>Adobe Default Language CS3 (Version: 1.0)</div>

<div>Adobe Device Central CS3 (Version: 1.0)</div>

<div>Adobe ExtendScript Toolkit 2 (Version: 2.0.2)</div>

<div>Adobe Extension Manager CS3 (Version: 1.8)</div>

<div>Adobe Flash CS3</div>

<div>Adobe Flash CS3 (Version: 9.0)</div>

<div>Adobe Flash Player 10 Plugin (Version: 10.3.183.10)</div>

<div>Adobe Flash Player 9 ActiveX (Version: 9.0.45.0)</div>

<div>Adobe Fonts All (Version: 1.0)</div>

<div>Adobe Help Center 1.0 (Version: 001.000.000)</div>

<div>Adobe Help Viewer CS3 (Version: 1)</div>

<div>Adobe InDesign CS3 Icon Handler (Version: 5.0)</div>

<div>Adobe Linguistics CS3 (Version: 3.0.0)</div>

<div>Adobe MotionPicture Color Files (Version: 1.0)</div>

<div>Adobe PDF Library Files (Version: 8.0)</div>

<div>Adobe Photoshop CS2 (Version: 9.0)</div>

<div>Adobe Reader 8.3.1 (Version: 8.3.1)</div>

<div>Adobe Setup (Version: 1.0)</div>

<div>Adobe Shockwave Player 11.6 (Version: 11.6.3.633)</div>

<div>Adobe SING CS3 (Version: 0.1)</div>

<div>Adobe Stock Photos 1.0 (Version: 001.000.000)</div>

<div>Adobe Stock Photos CS3 (Version: 1.5)</div>

<div>Adobe Type Support (Version: 1.0)</div>

<div>Adobe Update Manager CS3 (Version: 5.1.0)</div>

<div>Adobe Version Cue CS3 Client (Version: 3)</div>

<div>Adobe WAS CS3 (Version: 1.0)</div>

<div>Adobe WinSoft Linguistics Plugin (Version: 1.0)</div>

<div>Adobe XMP Panels CS3 (Version: 1.0)</div>

<div>Adorable Pets #6 Animated Wallpaper (Version: 1.0.0)</div>

<div>AHV content for Acrobat and Flash (Version: 1)</div>

<div>Air Conflicts</div>

<div>Air Guard Full</div>

<div>AKVIS Chameleon (Version: 6.0)</div>

<div>AKVIS Coloriage (Version: 7.5.906.6958)</div>

<div>AKVIS Retoucher (Version: 3.5)</div>

<div>Al´s Home</div>

<div>AllToAVI v4 r5394 (Version: v4 r5394)</div>

<div>Alpha Prime DEMO (Version: 0.01.000)</div>

<div>AMR to MP3 Converter 1.4</div>

<div>Amsterdam Street Racer 1.0 (Version: 1.0)</div>

<div>Angry Birds Space (Version: 1.0.0)</div>

<div>Animated Tropical Beaches</div>

<div>Animated Wallpaper - Space Journey 3D (Version: 1.30)</div>

<div>AniTuner 1.1 (Version: 1.1.0.0)</div>

<div>Antenna Magus (Evaluation) (Version: 3.2.1)</div>

<div>Anvil Studio 2011 (Version: 11.07.11)</div>

<div>AnyTV Free 2.14</div>

<div>Apple Software Update (Version: 2.1.1.116)</div>

<div>Are You Smarter Than A 5th Grader? - Make The Grade (Version: 1.00.0000)</div>

<div>ArtRage (Version: 3)</div>

<div>Astro Gemini Screensaver Manager 2.0</div>

<div>Attack on Pearl Harbor</div>

<div>Audacity 1.3.13 (Unicode)</div>

<div>Avi To MPEG Scout (Version: 1.00)</div>

<div>Aztec Bricks (Version: 1.0)</div>

<div>Back To The Future 1 Screen Saver</div>

<div>Back to the Future The Game - Episode 2 (Version: 1.0.0.0)</div>

<div>BackgammonMasters Client</div>

<div>Banner Maker Pro Version 7</div>

<div>Basic Card Set Pack 12.3 (Version: 12.3.0)</div>

<div>Battle for the Pacific (Version: 1.0.4)</div>

<div>BattleFleet:PACIFIC WAR</div>

<div>Beowulf TM (Version: 1.00)</div>

<div>BFE1 (Version: RePack)</div>

<div>BHODemon 1.0</div>

<div>Bluesoleil2.6.0.8 Release 070517 (Version: 2.6.0.8 Release 070517)</div>

<div>Boxing Manager</div>

<div>Bridge Builder</div>

<div>Bridge Building Game</div>

<div>BS.Player PRO (Version: 2.57.1049)</div>

<div>BufferChm (Version: 90.0.146.000)</div>

<div>CalendarPainter</div>

<div>Call of Duty® 2 (Version: 1.00.0000)</div>

<div>CCleaner (remove only)</div>

<div>CDCheck (remove only)</div>

<div>Champions Online</div>

<div>ChaosPro 3.3 (Version: 3.3 (Build 215))</div>

<div>CheMax 9.2 (Version: 9.2)</div>

<div>Chess Commander 1.24 (Version: 1.24)</div>

<div>Chess3D 2.6</div>

<div>Chessmaster 10th Edition (Version: 1.0.0)</div>

<div>Chessmaster Challenge</div>

<div>Cheveree V2.1</div>

<div>Chinese Simplified Fonts Support For Adobe Reader 8 (Version: 8.0.0)</div>

<div>CinemaForge</div>

<div>City Bus Simulator 2010 - New York (Version: 1.3)</div>

<div>CLUE Classic (Version: 1.0.0.0)</div>

<div>Comical 0.8</div>

<div>Command & Conquer Generals (Version: 0.50.0000)</div>

<div>Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)</div>

<div>Commandos Strike Force (Version: 1.00.0000)</div>

<div>Common (Version: 14.0.0.342)</div>

<div>Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)</div>

<div>Contents (Version: 14.0.0.342)</div>

<div>Contrast PlanPlus 2003</div>

<div>Contrast PlanPlus MMI</div>

<div>Convert DOC to PDF For Word 2.00</div>

<div>ConvertXtoDVD 3.0.0.7 (Version: 3.0.0.7)</div>

<div>Corel VideoStudio Pro X4 (Version: 14.0.0.342)</div>

<div>CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)</div>

<div>Cortona® VRML Client (Version: 5.1.0.167)</div>

<div>Counter-Strike 1.6 (Version: 1.6)</div>

<div>Crazy Machines II (Version: 1.03)</div>

<div>Crysis WARHEAD®</div>

<div>Crysis WARHEAD® (Version: 1.0)</div>

<div>CursorXP</div>

<div>CustomerResearchQFolder (Version: 1.00.0000)</div>

<div>CZ-Pdf2Txt Simple for acrobat reader V1.1 Demo</div>

<div>DAEMON Tools Lite (Version: 4.40.2.0131)</div>

<div>Deep In Space Screensaver 1.0</div>

<div>DemonLisher</div>

<div>DeviceDiscovery (Version: 90.0.146.000)</div>

<div>DeviceIO (Version: 14.0.0.342)</div>

<div>DeviceManagementQFolder (Version: 1.00.0000)</div>

<div>Devil May Cry 3 Special Edition (Version: 1.00.000)</div>

<div>dj_sf_software (Version: 90.0.200.000)</div>

<div>dj_sf_software_req (Version: 90.0.200.000)</div>

<div>DkZ Studio</div>

<div>DMS DJ Promixer Full (Version: 1.0)</div>

<div>DOSShell 1.5 (Version: 1.5)</div>

<div>Dragon UnPACKer 5 (Version: 5.6.0 Exedra)</div>

<div>Draw Poker Gold Edition</div>

<div>Dual-Core Optimizer (Version: 1.1.4.0169)</div>

<div>Dungeon Rider (Version: 1.1)</div>

<div>DVD Catalyst 4.0.2 (Version: 4.0.2)</div>

<div>DVD Shrink 3.2</div>

<div>DXtris 1.5</div>

<div>E.M. Magic Swf2Avi V6.80</div>

<div>EA Download Manager (Version: 4.0.0.462)</div>

<div>EA SPORTS online 2007</div>

<div>Easy CD and DVD Cover Creator 4.13 (Version: 4.13)</div>

<div>EAX Unified</div>

<div>ECR Tool 1.15</div>

<div>El Dorado Quest</div>

<div>Empire of Sports</div>

<div>Enchanted Forest</div>

<div>ESET Online Scanner v3</div>

<div>ESET Smart Security (Version: 4.2.71.2)</div>

<div>eSupportQFolder (Version: 1.00.0000)</div>

<div>Eurobattle.net (Version: 1.26)</div>

<div>Evil days of Luckless John</div>

<div>Far Cry 2 (Version: 1.00.00)</div>

<div>Farkle 3.0.8.7</div>

<div>Farming-Simulator 2009</div>

<div>Fashion Cents 1.6.2 (Version: 1.60.2000)</div>

<div>FIFA 09 (Version: 1.0.1.1)</div>

<div>FIFA 10 (Version: 1.0.0.0)</div>

<div>File Splitter and Joiner (FFSJ v3.3)</div>

<div>FingerPower! Vol. 1</div>

<div>Fishdom 2 - Premium Edition (Version: 1.0.2905)</div>

<div>Flac Ripper 4.0.1</div>

<div>FlatOut2 (Version: 1.00.0000)</div>

<div>FLV Player 1.3.3</div>

<div>Football Manager 2010 (Version: 10.0.0.0)</div>

<div>Ford Racing 3</div>

<div>Fraps</div>

<div>Free Desktop Clock</div>

<div>Free Natural Text to Speech Reader 2008 (Version: 7.0)</div>

<div>Free PDF to Word Doc Converter v1.1 (Version: 1.1)</div>

<div>Free Video Joiner 1.0</div>

<div>Free&Easy Font Viewer 1.2</div>

<div>Freemake Video Converter version 1.3.0</div>

<div>FreshDiagnose</div>

<div>GameRanger</div>

<div>GameShadow (Version: 2.00.0000)</div>

<div>GameSpy Arcade</div>

<div>Garena (Version: 3.2)</div>

<div>Gish Demo 1.52</div>

<div>GNU Backgammon (MAIN branch, 20111003 code)</div>

<div>Google Chrome (Version: 9.0.597.98)</div>

<div>Google Earth (Version: 6.1.0.5001)</div>

<div>Google SketchUp 7 (Version: 2.0.10247)</div>

<div>Google Update Helper (Version: 1.3.21.111)</div>

<div>Google Updater (Version: 2.4.1536.6592)</div>

<div>Governor of Poker (Version: 1.0)</div>

<div>gPhotoShow v1.6.3</div>

<div>Grammatica</div>

<div>Grand Master Chess OnLine</div>

<div>Grand Theft Auto Vice City (Version: 1.00.000)</div>

<div>GTA San Andreas (Version: 1.00.00001)</div>

<div>GTAIII</div>

<div>Guitar Hero III (Version: 1.00.0000)</div>

<div>Guitar Pro 5.2</div>

<div>GUN (Version: 1.00.0000)</div>

<div>Handball-Simulator: European Tournament 2010</div>

<div>Handball Challenge Trainingscamp</div>

<div>Handball Manager 2.0.1  (Version: 2.0.1)</div>

<div>Harry Potter and the Half-Blood Prince™ (Version: 1.0.0.0)</div>

<div>Helldorado</div>

<div>Heroes of Newerth (Version: 2.0.33)</div>

<div>Hidden Expedition - Titanic (Version: 1.0.0)</div>

<div>HijackThis 2.0.2 (Version: 2.0.2)</div>

<div>Hornil StylePix (Version: 1.6.9.2355)</div>

<div>HostsMan 3.2.73 (Version: 3.2.73)</div>

<div>Hoyle Board Games 2005 (Version: 1.0.0.0)</div>

<div>Hoyle Card Games</div>

<div>HP Customer Participation Program 9.0 (Version: 9.0)</div>

<div>HP Deskjet Printer Driver Software 9.0 (Version: 9.0)</div>

<div>HP Imaging Device Functions 9.0 (Version: 9.0)</div>

<div>HP LaserJet P1000 series</div>

<div>HP Photosmart Essential 2.01 (Version: 2.01)</div>

<div>HP Photosmart Essential2.01 (Version: 1.01.0000)</div>

<div>HP Smart Web Printing (Version: 2.15.7.0)</div>

<div>HP Solution Center 9.0 (Version: 9.0)</div>

<div>HP Update (Version: 4.000.006.002)</div>

<div>HPCarePackCore (Version: 10.0.0.1)</div>

<div>HPCarePackProducts (Version: 1.0.0.1)</div>

<div>hppMSRedist (Version: 1.00.0000)</div>

<div>HPProductAssistant (Version: 90.0.146.000)</div>

<div>hppusgP1000 (Version: 000.000.00003)</div>

<div>HPSSupply (Version: 2.2.0.0000)</div>

<div>Hunting Unlimited 2009 1.0 (Version: 1.0)</div>

<div>ICA (Version: 14.0.0.342)</div>

<div>Icon Restore 1.0</div>

<div>IconArt (Version: 1.4)</div>

<div>Ignite</div>

<div>IL-2 Sturmovik: Forgotten Battles (Version: 1.00.0000)</div>

<div>Inside The Beast (Version: 1.0.0)</div>

<div>InstantStorm 1.5 (Version: 1.5.3)</div>

<div>Intelore - Millions of Light Years v1.6 (remove only)</div>

<div>International Volleyball 2010</div>

<div>Internet Jamb 2006</div>

<div>IPM_VS_Pro (Version: 13.0)</div>

<div>Ipref 2.59</div>

<div>IrfanView (remove only)</div>

<div>ISCOM (Version: 14.0.0.342)</div>

<div>IsoBuster 2.8.5 (Version: 2.8.5)</div>

<div>Java 6 Update 14 (Version: 6.0.140)</div>

<div>JDownloader (Version: 0.89)</div>

<div>jetAudio (Version: 6.1)</div>

<div>John Deere Drive Green (Version: 1.00.0000)</div>

<div>K-Lite Codec Pack 2.82 Standard (Version: 2.82)</div>

<div>KGB Archiver 2 (Version: 2.0.2)</div>

<div>Knights Of Honor (Version: 1.00)</div>

<div>Kudos Rock Legend</div>

<div>Kung Fu Panda (Version: 1.00.0000)</div>

<div>LAME v3.98.3 for Audacity</div>

<div>League of Legends</div>

<div>Little Fighter 2 1.9c (Version: 1.9c)</div>

<div>LockHunter version 1.0 beta 3, 32 bit edition</div>

<div>LOTR The Return of the King tm</div>

<div>Madden NFL 08</div>

<div>Mafia Game</div>

<div>Mail Commander Deluxe 10.6</div>

<div>MailWasher Pro</div>

<div>Majestic Chess (Version: 1.01.0003)</div>

<div>Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)</div>

<div>Mario Forever 4.0 (Version: 4.0)</div>

<div>MarketResearch (Version: 90.0.146.000)</div>

<div>Mastermind Version 1.01</div>

<div>Max Payne 2 (Version: 1.0.97)</div>

<div>McAfee Security Scan Plus (Version: 2.0.181.2)</div>

<div>Medal of Honor Allied Assault</div>

<div>MediaCoder 0.6.0 (Version: 0.6.0)</div>

<div>MediaJoin</div>

<div>MediaJoin (Version: 2.0)</div>

<div>MeggieSoft Games Rummy 500 (Version: Version 16.4)</div>

<div>Metal Slug Complete PC 1.0 (Version: 1.0)</div>

<div>Microsoft .NET Framework 1.1 (Version: 1.1.4322)</div>

<div>Microsoft .NET Framework 1.1 Security Update (KB979906)</div>

<div>Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)</div>

<div>Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)</div>

<div>Microsoft .NET Framework 3.5 SP1</div>

<div>Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)</div>

<div>Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)</div>

<div>Microsoft .NET Framework 4 Extended (Version: 4.0.30319)</div>

<div>Microsoft Application Error Reporting (Version: 12.0.6012.5000)</div>

<div>Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0)</div>

<div>Microsoft Games for Windows - LIVE (Version: 3.0.86.0)</div>

<div>Microsoft Games for Windows - LIVE Redistributable (Version: 3.0.17.0)</div>

<div>Microsoft Kernel-Mode Driver Framework Feature Pack 1.9</div>

<div>Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)</div>

<div>Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)</div>

<div>Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)</div>

<div>Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)</div>

<div>Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)</div>

<div>Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.4518.1066)</div>

<div>Microsoft Reader</div>

<div>Microsoft Reader Text-to-Speech for English (Version: 01.00.0000)</div>

<div>Microsoft Silverlight (Version: 2.0.40115.0)</div>

<div>Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)</div>

<div>Microsoft SQL Server 2008</div>

<div>Microsoft SQL Server 2008 Browser (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)</div>

<div>Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)</div>

<div>Microsoft SQL Server Database Publishing Wizard 1.3 (Version: 10.0.1600.22)</div>

<div>Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)</div>

<div>Microsoft User-Mode Driver Framework Feature Pack 1.0</div>

<div>Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0)</div>

<div>Microsoft Visual C# 2008 Express Edition with SP1 - ENU</div>

<div>Microsoft Visual C# 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)</div>

<div>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)</div>

<div>Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)</div>

<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)</div>

<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)</div>

<div>Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)</div>

<div>Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)</div>

<div>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)</div>

<div>Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)</div>

<div>Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)</div>

<div>Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU</div>

<div>Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)</div>

<div>Microsoft Web Publishing Wizard 1.52</div>

<div>Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)</div>

<div>Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu (Version: 3.5.30729)</div>

<div>Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)</div>

<div>Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)</div>

<div>Microsoft XML Parser (Version: 8.20.8730.4)</div>

<div>Mini Ninjas Demo 1.0 (Version: 1.0)</div>

<div>MIT MathML Fonts 1.0 (Version: 1.0.0)</div>

<div>MKV Converter Studio V2.0.1 (Version: 2.0.1)</div>

<div>MKV TO AVI CONVERTER version 3.2</div>

<div>MKVtoolnix 2.9.0 (Version: 2.9.0)</div>

<div>MMANA-GAL_Basic version 3 (Version: 3)</div>

<div>Monopoly</div>

<div>Mortimer Beckett And The Secrets Of Spooky Manor (Version: 1.0.0)</div>

<div>Mount&Blade</div>

<div>Mount&Blade Warband</div>

<div>Mount&Blade With Fire and Sword</div>

<div>MovieSpot 0.7</div>

<div>Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)</div>

<div>Mp3tag v2.46a (Version: v2.46a)</div>

<div>MrvlUsgTracking (Version: 1.0.0)</div>

<div>MSVC80_x86_v2 (Version: 1.0.3.0)</div>

<div>MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)</div>

<div>MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)</div>

<div>MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)</div>

<div>MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)</div>

<div>MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)</div>

<div>MSXML4 Parser (Version: 1.0.0)</div>

<div>Mystery Case Files - Ravenhearst</div>

<div>Mystery Case Files Prime Suspects</div>

<div>Mystery In London</div>

<div>Mystical 2.0</div>

<div>Mystick v1.05</div>

<div>NBA 2K10 (Version: 1.0.0)</div>

<div>NBA 2K11 (Version: 1.0.0)</div>

<div>NBA 2K12 (Version: 1.0.0)</div>

<div>Need for Speed Underground 2</div>

<div>Need for Speed Underground 2 Demo</div>

<div>Need For Speed™ World (Version: 1.0.0.776)</div>

<div>Neighbours From Hell (Version: 1.0)</div>

<div>Neighbours From Hell 2 (Version: 1.0)</div>

<div>Nero 7 Premium (Version: 7.01.4029)</div>

<div>Network Play System (Patching)</div>

<div>Neverball 1.5.3 (Version: 1.5.3)</div>

<div>Nicktoons Basketball</div>

<div>NickToons Racing</div>

<div>Nitro PDF Professional (Version: 4.91.0007)</div>

<div>nLite 1.4.9.1 (Version: 1.4.9.1)</div>

<div>Nokia Series 40 Theme Studio 2.2 (Version: 2.20.0000)</div>

<div>NokiaFREE Unlock Codes Calculator</div>

<div>NRadioBox (Version: 1.0.0)</div>

<div>NVIDIA Drivers</div>

<div>NVIDIA PhysX (Version: 9.09.0814)</div>

<div>NVIDIA PhysX (Version: 9.10.0513)</div>

<div>Oblivion (Version: 1.00.0000)</div>

<div>OJOsoft MKV Converter (Version: 1,5,3,0118)</div>

<div>OMSI - Der Omnibussimulator (Version: 1.00)</div>

<div>OpenAL</div>

<div>Opera 10.00 (Version: 10.00)</div>

<div>Opsta Uplatnica 1.00</div>

<div>OtsTurntables Free 1.00.012</div>

<div>Oxelon Media Converter 1.1</div>

<div>P2PFilter 3.0.5 (Version: 3.0.5)</div>

<div>PAK Explorer (Version: 1.3.0.0)</div>

<div>Pando Media Booster (Version: 2.3.4.1)</div>

<div>PanoStandAlone (Version: 90.0.146.000)</div>

<div>PC Connectivity Solution (Version: 10.24.0.0)</div>

<div>PC Inspector File Recovery (Version: 4.0)</div>

<div>PCPitstop Panda AntiVirus Scan (remove only)</div>

<div>Pcsx2 0.9.6 (Version: 1.0.0)</div>

<div>PDF Settings (Version: 1.0)</div>

<div>Perfect Uninstaller v6.3.3.8</div>

<div>Persian Puzzle (Version: 1.0)</div>

<div>Pharaoh's Mystery (Version: 1.0)</div>

<div>PhotoKit Color 2 Plug-in Module</div>

<div>PhotoKit Plug-in Module</div>

<div>PhotoKit Sharpener Plug-in Module</div>

<div>PhotoStage Slideshow Producer</div>

<div>Pidgin-Musictracker plugin (remove only)</div>

<div>Pidgin (Version: 2.7.2)</div>

<div>Pirates of the Caribbean</div>

<div>PITCH 1.1.2.1</div>

<div>Pizza Morgana Episode 1</div>

<div>Pontifex</div>

<div>Pontifex II</div>

<div>PowerDVD (Version: 7.0.1702.0)</div>

<div>Pretty Good Solitaire version 13.0.0 (Version: 13.0.0)</div>

<div>Pro Evolution Soccer 2011 (Version: 1.01.0000)</div>

<div>Pro Evolution Soccer 2012 (Version: 1.00.0000)</div>

<div>ProtectDisc Helper Driver 10 (Version: 10.0.0.1)</div>

<div>PSSWCORE (Version: 2.01.0000)</div>

<div>PunkBuster Services (Version: 0.986)</div>

<div>Pure Sudoku 1.51</div>

<div>PureHD (Version: 14.0.0.342)</div>

<div>PySol Fan Club edition v.1.1</div>

<div>Quick Solitaire (remove only)</div>

<div>QuickSnooker</div>

<div>QuickTime (Version: 7.2.0.240)</div>

<div>RAR Password Cracker 4.12</div>

<div>Readiris Pro 11 Corporate Edition (Version: 11.00.4787)</div>

<div>Readon TV Movie Radio Player 7.4.0.0 (Version: 7.4.0)</div>

<div>Real Backgammon (Version: 1.0)</div>

<div>Real Pool (Version: 1.0)</div>

<div>RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)</div>

<div>RealPlayer</div>

<div>Realtek High Definition Audio Driver (Version: 5.10.0.5413)</div>

<div>RealUpgrade 1.1 (Version: 1.1.0)</div>

<div>Retail Virtual EVE (Version: 1.0.0)</div>

<div>Rhapsody Player Engine (Version: 1.1.0)</div>

<div>Road To El Dorado</div>

<div>Robin Hood - Defender of the Crown</div>

<div>Robin Hood: The Legend Of Sherwood</div>

<div>Rock Tour (Version: 1.0)</div>

<div>Rockstar Games Social Club (Version: 1.00.0000)</div>

<div>Room Arranger (Version: 5.02)</div>

<div>RummyRoyal.com (Version: 20.1)</div>

<div>RUNAWAY - A road adventure</div>

<div>Sacred 2 (Version: 2.0.2.0)</div>

<div>Safari (Version: 4.28.16.0)</div>

<div>Safecracker 1.00  Patriot Games</div>

<div>SAMSUNG CDMA Modem Driver Set</div>

<div>Samsung Mobile phone USB driver Software</div>

<div>SAMSUNG Mobile USB Modem 1.0 Software</div>

<div>SAMSUNG Mobile USB Modem Software</div>

<div>Samsung PC Studio (Version: 3.0.0.61111)</div>

<div>Samsung PC Studio (Version: 3.2.3.90502)</div>

<div>Sandlot Connect Version 1.2.6</div>

<div>Security Task Manager 1.7h (Version: 1.7h)</div>

<div>SereneScreen Marine Aquarium 2 (Version: 2.0)</div>

<div>SereneScreen Marine Aquarium 3 (Version: 3.0)</div>

<div>Serious Sam 2</div>

<div>Setup (Version: 14.0.0.342)</div>

<div>Sexy Poker 5</div>

<div>Shank (Version: RePack)</div>

<div>Share (Version: 14.0.0.342)</div>

<div>Showoff Home Design 1.0 (Version: 1.0)</div>

<div>Sid Meier's Pirates! (Version: 1.00.0000)</div>

<div>Simon3D</div>

<div>SimpleOCR 3.1</div>

<div>SizeFixer XL (Version: 1.0.0001)</div>

<div>Skotovi (Version: 1.00.0000)</div>

<div>Sky Battle</div>

<div>Skype Click to Call (Version: 5.6.8442)</div>

<div>Skype Launcher (Version: 1.6.3)</div>

<div>Skype™ 5.5 (Version: 5.5.124)</div>

<div>Slot Machine 98 v5.2</div>

<div>Smart-X7 7.80</div>

<div>Smart File Advisor 1.1.1 (Version: 1.1.1)</div>

<div>SmartSound Common Data (Version: 1.1.0)</div>

<div>SmartSound Quicktracks 5 (Version: 5.1.6)</div>

<div>SmartSound Quicktracks Plugin (Version: 3.0.2.6)</div>

<div>Snowboarding Championship 2004</div>

<div>Software Update for Web Folders (Version: 9.60.6715.0)</div>

<div>Solar System 3D Screensaver 1.4</div>

<div>Solitaire Plus! version 2.4.3 (Version: 2.4.3)</div>

<div>SolutionCenter (Version: 90.0.146.000)</div>

<div>Sony Ericsson Themes Creator 1.92 (Version: 1.92)</div>

<div>SopCast 3.5.0 (Version: 3.5.0)</div>

<div>Sophos Anti-Rootkit 1.5.4 (Version: 1.5.4)</div>

<div>Sothink SWF Quicker (Version: 4.7)</div>

<div>Space Interceptor (remove only)</div>

<div>SpeedFan (remove only)</div>

<div>Spybot - Search & Destroy (Version: 1.6.0)</div>

<div>Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)</div>

<div>SQL Server System CLR Types (Version: 10.0.1600.22)</div>

<div>Star Wars 3D Screensaver 1.3</div>

<div>Status (Version: 90.0.146.000)</div>

<div>Steam (Version: 1.0.0.0)</div>

<div>Steinberg Cubase 5 (Version: 5.1.0)</div>

<div>Steinberg Drum Loop Expansion 01 (Version: 1.0.0.1)</div>

<div>Steinberg Groove Agent ONE Content (Version: 1.0.0.003)</div>

<div>Steinberg HALionOne (Version: 1.1.0.457)</div>

<div>Steinberg HALionOne Additional Content Set 01 (Version: 1.0.0.001)</div>

<div>Steinberg HALionOne Expression Set (Version: 1.0.1.0)</div>

<div>Steinberg HALionOne GM Drum Set (Version: 1.0.1.457)</div>

<div>Steinberg HALionOne GM Set (Version: 1.0.1.457)</div>

<div>Steinberg HALionOne Pro Set (Version: 1.0.1.457)</div>

<div>Steinberg HALionOne Studio Drum Set (Version: 1.0.1.457)</div>

<div>Steinberg HALionOne Studio Set (Version: 1.0.1.457)</div>

<div>Steinberg LoopMash Content (Version: 1.0.0.005)</div>

<div>Steinberg REVerence Content 01 (Version: 1.0.0.006)</div>

<div>StyleBuilder (remove only)</div>

<div>Subtitle Workshop 2.51</div>

<div>SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)</div>

<div>SUPERAntiSpyware Free Edition (Version: 4.15.0.1000)</div>

<div>SWAT 4 (Version: 1.0.31763)</div>

<div>SWF & FLV Toolbox 3.5 (build 3.5.25.503) (Version: 3.5.25.503)</div>

<div>swMSM (Version: 12.0.0.1)</div>

<div>Syberia</div>

<div>Sylvester & Tweety Screen Saver</div>

<div>Syncrosoft License Control</div>

<div>Synthesia (remove only)</div>

<div>Telenor Internet (Version: 11.030.01.13.208)</div>

<div>Tennis Titans</div>

<div>Test Drive Unlimited (Version: 0.10.0000)</div>

<div>The Gladiators of Rome</div>

<div>The Incredibles (Version: 1.00.0000)</div>

<div>THE KING OF FIGHTERS XIII 1.00</div>

<div>The KMPlayer (remove only)</div>

<div>The Mystery of the Crystal Portal (Version: 1.0.0)</div>

<div>The Print Shop 21 (Version: 21.00.0000)</div>

<div>The Shadow of Zorro</div>

<div>The Simpsons Hit & Run (Version: 1.00.000)</div>

<div>The Sum of All Fears</div>

<div>The Weather Channel Screensaver</div>

<div>Theme Maker</div>

<div>Thief - Deadly Shadows (Version: 1.0)</div>

<div>thriXXX VirtuallyJenna-029.002</div>

<div>TMNT (Version: 1.00.0000)</div>

<div>TMPGEnc 4.0 XPress (Version: 4.4.1.237)</div>

<div>TMPGEnc DVD Author 1.6 (Version: 1.6.0026)</div>

<div>Toolbox (Version: 90.0.146.000)</div>

<div>Top Spin 2 (Version: 1.00.0000)</div>

<div>TopOCR Release 3 (Version: Release 3)</div>

<div>Torchlight (Version: 0.0.66.192)</div>

<div>Total Commander (Remove or Repair)</div>

<div>Total Video Converter 3.12 080330</div>

<div>Toto 3</div>

<div>Toto Dejan Screen 2</div>

<div>Toto februar 2010</div>

<div>Toto screensaver 2</div>

<div>Toto Screensaver 4</div>

<div>Toto X</div>

<div>TP-LINK Client Installation Program</div>

<div>Transcribe! 7.32 (Version: 7.32)</div>

<div>TrayApp (Version: 90.0.146.000)</div>

<div>Trucks & Trailers 1.00 (Version: 1.00)</div>

<div>Tunatic</div>

<div>ubi.com</div>

<div>Ubisoft Game Launcher (Version: 1.0.0.0)</div>

<div>UDPixel_en.exe</div>

<div>Ulead DVD DiskRecorder 2.1.1</div>

<div>Ulead VideoStudio 9.0 SE DVD (Version: 9.0 SE)</div>

<div>UltraStar Deluxe (Version: 1.1)</div>

<div>UnloadSupport (Version: 9.0.0)</div>

<div>Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)</div>

<div>Update for Microsoft Visual Studio Web Authoring Component (KB945140)</div>

<div>Update for Windows XP (KB925720) (Version: 1)</div>

<div>Update for Windows XP (KB927891) (Version: 3)</div>

<div>Update for Windows XP (KB930916) (Version: 1)</div>

<div>Update for Windows XP (KB933360) (Version: 1)</div>

<div>Update for Windows XP (KB938828) (Version: 1)</div>

<div>Update for Windows XP (KB942763) (Version: 1)</div>

<div>Update for Windows XP (KB942840) (Version: 1)</div>

<div>Update for Windows XP (KB946627) (Version: 1)</div>

<div>Update for Windows XP (KB951072-v2) (Version: 2)</div>

<div>Update for Windows XP (KB955759) (Version: 1)</div>

<div>Update for Windows XP (KB955839) (Version: 1)</div>

<div>Update for Windows XP (KB967715) (Version: 1)</div>

<div>Update for Windows XP (KB968389) (Version: 1)</div>

<div>Update for Windows XP (KB971737) (Version: 1)</div>

<div>Update for Windows XP (KB973687) (Version: 1)</div>

<div>Update for Windows XP (KB973815) (Version: 1)</div>

<div>Update for Windows XP (KB976749) (Version: 1)</div>

<div>Update for Windows XP (KB978207) (Version: 1)</div>

<div>Update for Windows XP (KB980182) (Version: 1)</div>

<div>Urban Freestyle Soccer</div>

<div>vanBasco's MIDI Player</div>

<div>VideoToolkit01 (Version: 90.0.146.000)</div>

<div>VIO (Version: 14.0.0.342)</div>

<div>Virtual Sound Canvas DXi</div>

<div>VLC media player 2.0.1 (Version: 2.0.1)</div>

<div>VSClassic (Version: 14.0.0.342)</div>

<div>VSPro (Version: 14.0.0.342)</div>

<div>Warcraft III: All Products</div>

<div>Warkeys 1.15.7.0b (Version: 1.15.7.0b)</div>

<div>WAV MP3 Converter v4.2 build 1259</div>

<div>WebReg (Version: 90.0.146.000)</div>

<div>WhereIsIt? 3.68 (Version: 3.68)</div>

<div>Winamp (Version: 5.621 )</div>

<div>Winamp Detector Plug-in (Version: 1.0.0.1)</div>

<div>Winamp Skin Maker</div>

<div>Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)</div>

<div>Windows Imaging Component (Version: 3.0.0.0)</div>

<div>Windows Installer Clean Up (Version: 3.00.00.0000)</div>

<div>Windows Live installer (Version: 12.0.1471.1025)</div>

<div>Windows Live Mail (Version: 12.0.1606.1023)</div>

<div>Windows Live Messenger (Version: 8.5.1302.1018)</div>

<div>Windows Live Photo Gallery (Version: 12.0.1329.0201)</div>

<div>Windows Live Sign-in Assistant (Version: 5.000.818.6)</div>

<div>Windows Live Writer (Version: 12.0.1370.0325)</div>

<div>Windows Media Encoder 9 Series</div>

<div>Windows Media Encoder 9 Series (Version: 9.00.2980)</div>

<div>Windows Media Format 11 runtime</div>

<div>Windows Media Player Firefox Plugin (Version: 1.0.0.8)</div>

<div>Windows Presentation Foundation (Version: 3.0.6920.0)</div>

<div>Windows Updates Downloader (Version: 2.50 Build 1002)</div>

<div>Winemaker Extraordinaire 1.00</div>

<div>WinRAR archiver</div>

<div>WordBiz version 1.8 (Version: 1.8)</div>

<div>Worms Reloaded</div>

<div>X3mE Yamb (Version: 1.8.0)</div>

<div>Xbox 360 Controller for Windows</div>

<div>Xfire (remove only)</div>

<div>Xiph QuickTime Components</div>

<div>XMedia Recode 2.1.2.9 (Version: 2.1.2.9)</div>

<div>XML Paper Specification Shared Components Pack 1.0</div>

<div>Yahoo! Messenger</div>

<div>Yahoo! Software Update</div>

<div>Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (Version: 1.00.0000)</div>

<div>Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY (Version: 1.00.0000)</div>

<div>Yu Gi Oh PoC Joey the Passion 1.00</div>

<div>Zelda Forever</div>

<div>Zilla PDF to TXT Converter V1.0.7</div>

<div>Zune Desktop Theme (Version: 1.0.5341.0)</div>

<div> </div>

<div>========================= Devices: ================================</div>

<div> </div>

<div>Name: Floppy disk drive</div>

<div>Description: Floppy disk drive</div>

<div>Class Guid: {4D36E980-E325-11CE-BFC1-08002BE10318}</div>

<div>Manufacturer: (Standard floppy disk drives)</div>

<div>Service: flpydisk</div>

<div>Problem: : This device is disabled. (Code 22)</div>

<div>Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.</div>

<div> </div>

<div> </div>

<div>========================= Memory info: ===================================</div>

<div> </div>

<div>Percentage of memory in use: 42%</div>

<div>Total physical RAM: 2047.29 MB</div>

<div>Available physical RAM: 1185.21 MB</div>

<div>Total Pagefile: 4893.46 MB</div>

<div>Available Pagefile: 4185.27 MB</div>

<div>Total Virtual: 2047.88 MB</div>

<div>Available Virtual: 1977.89 MB</div>

<div> </div>

<div>========================= Partitions: =====================================</div>

<div> </div>

<div>1 Drive c: () (Fixed) (Total:48.83 GB) (Free:3.37 GB) NTFS</div>

<div>2 Drive d: () (Fixed) (Total:184.05 GB) (Free:4.78 GB) NTFS</div>

<div>4 Drive f: (Particija F) (Fixed) (Total:195.31 GB) (Free:3.08 GB) NTFS</div>

<div>5 Drive g: (Particija G) (Fixed) (Total:75.13 GB) (Free:7.15 GB) NTFS</div>

<div>6 Drive h: (Particija H) (Fixed) (Total:195.31 GB) (Free:7.71 GB) NTFS</div>

<div> </div>

<div>========================= Users: ========================================</div>

<div> </div>

<div>User accounts for \\MOBILE</div>

<div> </div>

<div>Administrator            ASPNET                   Guest                    </div>

<div>HelpAssistant            SUPPORT_388945a0         User                     </div>

<div> </div>

<div>========================= Minidump Files ==================================</div>

<div> </div>

<div>No minidump file found</div>

<div> </div>

<div>**** End of log ****</div>

<div> </div>


<p>Hi!</p>

<p>I posted results up there.</p>

<p>Thanks for the info about system restore. No, I won't do it without your approval. That's why I asked about it.</p>

<p>I didn't know HijackThis is not good, sorry. I saw many use it for reports on forums. My mistake...</p>

<p>I have nod32 and I am pleased with it. What would be free AV of your choice?</p>

<p> </p>

<p> </p>

<div>Update... I can't get to the Facebook page. If I clear cookies (and the browser's cache) I can get to Facebook, but all other navigation on the site is impossible. If I don't clear cookies I can't get to the Facebook home page at all.</div>

<div>If I try to send email by using Outlook (by my Gmail account), it says I have a connectivity problem. If I try to go to the Gmail site in the browser I can log in but cannot send email (again, connectivity problem).</div>

<div>I checked it out on another PC, same cable. Both Facebook and Gmail are working fine.</div>

<div>It seems it's getting worse...</div>

<div>Thank you so much for your help :)</div>


I don't know why that reply looked so bad... with all those additional signs...


Use "Toggle editing mode" (button above the text box) before you start writing.

I will send you more information about AV when we complete here.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


I hope this will help:

I just got warning from nod32

Threat found

Alert

Object:

D:\System Volume Information\_restore... (it is probably the last System Restore Point XP made).

Threat:

probably a variant of Win32/Agent.LWMQUCE trojan

Comment:

Event occured on a file modified by the application C:\\Windows\system32\svchost.exe.

So, maybe it could be that one?


After that warning I got another one.

This one is about win32/Agent.DLCXJGL trojan, again at svchost.exe.


<p>FSS</p>

<p> </p>

<p> </p>

<div>Farbar Service Scanner Version: 16-04-2012</div>

<div>Ran by User (administrator) on 17-04-2012 at 18:39:56</div>

<div>Running from "C:\Documents and Settings\User\Desktop"</div>

<div>Microsoft Windows XP Professional Service Pack 2 (X86)</div>

<div>Boot Mode: Normal</div>

<div>****************************************************************</div>

<div> </div>

<div>Internet Services:</div>

<div>============</div>

<div> </div>

<div>Connection Status:</div>

<div>==============</div>

<div>Localhost is accessible.</div>

<div>LAN connected.</div>

<div>Google IP is accessible.</div>

<div>Yahoo IP is accessible.</div>

<div> </div>

<div> </div>

<div>Windows Firewall:</div>

<div>=============</div>

<div> </div>

<div>Firewall Disabled Policy: </div>

<div>==================</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]</div>

<div>"EnableFirewall"=DWORD:0</div>

<div> </div>

<div> </div>

<div>System Restore:</div>

<div>============</div>

<div> </div>

<div>System Restore Disabled Policy: </div>

<div>========================</div>

<div> </div>

<div> </div>

<div>Security Center:</div>

<div>============</div>

<div> </div>

<div>Windows Update:</div>

<div>============</div>

<div> </div>

<div>Windows Autoupdate Disabled Policy: </div>

<div>============================</div>

<div> </div>

<div> </div>

<div>File Check:</div>

<div>========</div>

<div>C:\WINDOWS\system32\dhcpcsvc.dll</div>

<div>[2007-01-15 04:31] - [2007-01-15 04:31] - 0112128 ____N (Microsoft Corporation) 3F15A1DBD86F7BDAF404648282D11ECE</div>

<div> </div>

<div>C:\WINDOWS\system32\Drivers\afd.sys</div>

<div>[2004-08-04 14:00] - [2008-08-14 11:48] - 0138368 ____N (Microsoft Corporation) 6A0397376853E604DE8E1E7A87FC08AC</div>

<div> </div>

<div>C:\WINDOWS\system32\Drivers\netbt.sys</div>

<div>[2004-08-04 14:00] - [2004-08-04 14:00] - 0162816 ____N (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B</div>

<div> </div>

<div>C:\WINDOWS\system32\Drivers\tcpip.sys</div>

<div>[2007-01-15 07:32] - [2008-06-20 12:44] - 0360960 ____N (Microsoft Corporation) 744E57C99232201AE98C49168B918F48</div>

<div> </div>

<div>C:\WINDOWS\system32\Drivers\ipsec.sys</div>

<div>[2004-08-04 14:00] - [2004-08-04 14:00] - 0074752 ____N (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1</div>

<div> </div>

<div>C:\WINDOWS\system32\dnsrslvr.dll</div>

<div>[2004-08-04 14:00] - [2008-02-20 20:49] - 0045568 ____N (Microsoft Corporation) 6333C7E182E5B6247500188D28214DEF</div>

<div> </div>

<div>C:\WINDOWS\system32\ipnathlp.dll</div>

<div>[2004-08-04 14:00] - [2004-08-04 14:00] - 0331264 ____N (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF</div>

<div> </div>

<div>C:\WINDOWS\system32\netman.dll</div>

<div>[2007-01-15 04:32] - [2007-01-15 04:32] - 0197632 ____N (Microsoft Corporation) 3516D8A18B36784B1005B950B84232E1</div>

<div> </div>

<div>C:\WINDOWS\system32\wbem\WMIsvc.dll</div>

<div>[2007-10-04 05:10] - [2004-08-04 14:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E</div>

<div> </div>

<div>C:\WINDOWS\system32\srsvc.dll</div>

<div>[2007-10-04 05:12] - [2004-08-04 14:00] - 0170496 ____N (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838</div>

<div> </div>

<div>C:\WINDOWS\system32\Drivers\sr.sys</div>

<div>[2007-10-04 05:12] - [2004-08-04 14:00] - 0073472 ____N (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24</div>

<div> </div>

<div>C:\WINDOWS\system32\wscsvc.dll</div>

<div>[2007-01-15 04:33] - [2007-01-15 04:33] - 0080896 ____N (Microsoft Corporation) 478995B4555958E52388496618D9C678</div>

<div> </div>

<div>C:\WINDOWS\system32\wbem\WMIsvc.dll</div>

<div>[2007-10-04 05:10] - [2004-08-04 14:00] - 0144896 ____N (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E</div>

<div> </div>

<div>C:\WINDOWS\system32\wuauserv.dll</div>

<div>[2007-10-04 05:12] - [2007-01-15 04:33] - 0018392 ____N (Microsoft Corporation) B72508649DAD03BCB5D708EDB1E3E57E</div>

<div> </div>

<div>C:\WINDOWS\system32\qmgr.dll</div>

<div>[2007-10-04 05:12] - [2004-08-04 14:00] - 0382464 ____N (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA</div>

<div> </div>

<div>C:\WINDOWS\system32\es.dll</div>

<div>[2007-01-15 04:31] - [2008-07-07 22:06] - 0253952 ____N (Microsoft Corporation) A4AB3DCA4A383F0DF4988ABDEB84F9A4</div>

<div> </div>

<div>C:\WINDOWS\system32\cryptsvc.dll</div>

<div>[2007-01-15 04:31] - [2007-01-15 04:31] - 0062464 ____N (Microsoft Corporation) 87F3E2D2A3231F820F9248DB90090F42</div>

<div> </div>

<div>C:\WINDOWS\system32\svchost.exe</div>

<div>[2004-08-04 14:00] - [2004-08-04 14:00] - 0014336 ____N (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716</div>

<div> </div>

<div>C:\WINDOWS\system32\rpcss.dll</div>

<div>[2007-01-15 04:32] - [2009-02-09 12:01] - 0401408 ____N (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4</div>

<div> </div>

<div>C:\WINDOWS\system32\services.exe</div>

<div>[2004-08-04 14:00] - [2009-02-06 12:22] - 0110592 ____N (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD</div>

<div> </div>

<div> </div>

<div>Extra List:</div>

<div>=======</div>

<div>AegisP(12) Epfwndis(14) epfwtdi(15) Gpc(6) IPSec(4) irda(8) NetBT(5) PSched(7) Tcpip(3) VPCNetS2(13) </div>

<div>0x0F000000040000000100000002000000030000000F00000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E000000</div>

<div>IpSec Tag value is correct.</div>

<div> </div>

<div>**** End of log ****</div>

This topic is now closed to further replies.
