Posts posted by Abbey
-
My computer is running great now. Inside C:\Qoobox\Quarantine there are 2 folders: Registry_backups and C, which is empty.
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=505332834e52e241990eb287990bfbc6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-22 12:41:13
# local_time=2012-06-21 05:41:13 (-0800, Pacific Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 121535983 121535983 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=206542
# found=6
# cleaned=6
# scan_time=8870
C:\Documents and Settings\Silvo\Desktop\USE\MsgPlusLive-470.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Silvo\My Documents\Downloads\Iron_Sky_2012_DVDRiP_XViD-PSiG.exe Win32/Adware.1ClickDownload.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Silvo\My Documents\Downloads\The.Mentalist.S04E22.HDTV.exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Silvo\My Documents\Prenosi\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Silvo\My Documents\Prenosi\waterscenes.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{5B41B8E3-4872-4858-BE5E-54AB66E304D9}\RP3\A0000843.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
The BackEnv folder, which is inside the Qoobox, is protected, so I guess I'll skip that.
-
Ok. Will do. Thank you sooo much for your help. All the problems are gone and my computer hasn't worked this fast since I bought it.
-
ComboFix 12-06-21.01 - Silvo 21/06/2012 10:06:57.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2484 [GMT -7:00]
Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 16:40 . 2012-06-21 16:40 -------- d-----w- C:\_OTL
2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc
2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera
2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera
2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup
2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender
2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender
2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan
2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java
2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble
2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\tera fake\\TERA-Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"56799:TCP"= 56799:TCP:Pando Media Booster
"56799:UDP"= 56799:UDP:Pando Media Booster
"21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009
"56191:TCP"= 56191:TCP:Pando Media Booster
"56191:UDP"= 56191:UDP:Pando Media Booster
"57819:TCP"= 57819:TCP:Pando Media Booster
"57819:UDP"= 57819:UDP:Pando Media Booster
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55]
.
2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08]
.
2012-06-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Explorer_Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 10:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50,
25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\
"??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5,
34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\
"rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-21 10:25:10
ComboFix-quarantined-files.txt 2012-06-21 17:25
ComboFix2.txt 2012-06-21 15:31
.
Pre-Run: 116,157,849,600 bytes free
Post-Run: 116,137,689,088 bytes free
.
- - End Of File - - 9CF44EE04D3D5C15D6F181971D1D6A25
-
I clicked Run Scan at first by mistake. I hope this didn't ruin something. But here are the results:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}\ not found.
Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 removed from extensions.enabledItems
Prefs.js: avg@igeared:6.103.018.001 removed from extensions.enabledItems
Prefs.js: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 removed from extensions.enabledItems
Prefs.js: ffxtlbr@Facemoods.com:1.1.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.3.3 removed from extensions.enabledItems
Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\images scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\searchplugins scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\logs scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\datastore scheduled to be moved on reboot.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-12-Oct-2011-21-45-18-GMT folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-12-41-51-GMT folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-09-49-05-GMT folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-21-Jun-2012-14-15-26-GMT folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} scheduled to be moved on reboot.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Documents and Settings\Silvo\Application Data\1 moved successfully.
C:\Documents and Settings\NetworkService\Application Data\1 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
->Temp folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41661 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1425475 bytes
->Flash cache emptied: 877 bytes
User: Maja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 214461 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1259610 bytes
->Google Chrome cache emptied: 11734036 bytes
->Flash cache emptied: 2954 bytes
User: Nadja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 192579 bytes
->Java cache emptied: 11830 bytes
->FireFox cache emptied: 149999401 bytes
->Google Chrome cache emptied: 9221883 bytes
->Flash cache emptied: 2119 bytes
User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 540806 bytes
->Flash cache emptied: 706 bytes
User: Silvo
->Temp folder emptied: 46063 bytes
->Temporary Internet Files folder emptied: 647873 bytes
->Java cache emptied: 5462419 bytes
->FireFox cache emptied: 73143583 bytes
->Google Chrome cache emptied: 41407262 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10252 bytes
User: Silvo_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 138543 bytes
->FireFox cache emptied: 98156649 bytes
->Flash cache emptied: 3351 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 41661 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2518635 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 378.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.50.0 log created on 06212012_094055
Files\Folders moved on Reboot...
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF} folder moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_888.dat not found!
File\Folder C:\WINDOWS\temp\~bd14C.tmp not found!
Registry entries deleted on Reboot...
-
OTL Extras logfile created on: 21/06/2012 09:05:38 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Silvo\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Združeno kraljestvo | Language: ENG | Date Format: dd/MM/yyyy
3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.80% Memory free
5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 107.68 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
Computer Name: SILVO1 | User Name: Silvo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57769:TCP" = 57769:TCP:*:Enabled:Pando Media Booster
"57769:UDP" = 57769:UDP:*:Enabled:Pando Media Booster
"57495:TCP" = 57495:TCP:*:Enabled:Pando Media Booster
"57495:UDP" = 57495:UDP:*:Enabled:Pando Media Booster
"56799:TCP" = 56799:TCP:*:Enabled:Pando Media Booster
"56799:UDP" = 56799:UDP:*:Enabled:Pando Media Booster
"21688:TCP" = 21688:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"56191:TCP" = 56191:TCP:*:Enabled:Pando Media Booster
"56191:UDP" = 56191:UDP:*:Enabled:Pando Media Booster
"57819:TCP" = 57819:TCP:*:Enabled:Pando Media Booster
"57819:UDP" = 57819:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57769:TCP" = 57769:TCP:*:Enabled:Pando Media Booster
"57769:UDP" = 57769:UDP:*:Enabled:Pando Media Booster
"57495:TCP" = 57495:TCP:*:Enabled:Pando Media Booster
"57495:UDP" = 57495:UDP:*:Enabled:Pando Media Booster
"56799:TCP" = 56799:TCP:*:Enabled:Pando Media Booster
"56799:UDP" = 56799:UDP:*:Enabled:Pando Media Booster
"21688:TCP" = 21688:TCP:*:Enabled:@xpsp2res.dll,-22009
"56191:TCP" = 56191:TCP:*:Enabled:Pando Media Booster
"56191:UDP" = 56191:UDP:*:Enabled:Pando Media Booster
"57819:TCP" = 57819:TCP:*:Enabled:Pando Media Booster
"57819:UDP" = 57819:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe" = C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine -- ()
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft Games\Halo 2\halo2.exe" = C:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Launcher\APBLauncher.exe:*:Enabled:APB Reloaded -- (K2 Network, Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe -- (K2 Network, Inc.)
"C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe" = C:\Program Files\Steam\steamapps\common\apb reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe -- (Vivox Inc.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\tera fake\TERA-Launcher.exe" = C:\Program Files\tera fake\TERA-Launcher.exe:*:Enabled:TERA -- (Solid State Networks)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}" = TERA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1C9FE8CC-2578-41E6-AB28-3B927B055224}" = Windows Live - Pomocnik za vpis
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Orodje za prenos storitve Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Antivirus Plus 2012
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C867F60-267A-11D4-BF03-0080C84D9C69}" = WinFox Setup
"{3CB519B3-1475-4D45-B0D5-9405A2C8F704}" = Pošta Windows Live
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Zemlja
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51EAF221-C37C-43B2-A1AE-2885610AD7D7}" = Aion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Mass Storage Toolbox
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CAFFBCE-FC5B-41D5-ACC6-1F02E521C4D5}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93FC6253-D5BA-4569-94B7-A087934A49D7}" = Pocket Theme Organizer
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA nadzorna plošča 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafični gonilnik 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA Programa nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Sistemske opreme PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA posodobitve 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B354FB16-3027-47AF-AF3F-7AD1209B886E}" = globaldk
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}" = Sony Ericsson PC Suite
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EBC92729-E677-415C-8A60-CEF034B33E49}" = Windows Live Essentials
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast® Display Driver
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{faf0b65c-072b-4f7e-bd05-6a56f28d4233}" = Wallery
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVerMedia M135-Series PCI TV Tuner" = AVerMedia M135-Series PCI TV Tuner 3.5.0.65
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"Bitdefender" = Bitdefender Antivirus Plus 2012
"Born To Be Big_is1" = Born To Be Big
"BSPlayerf" = BS.Player FREE powered by AdVantage
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"DriverAgent.exe" = DriverAgent by eSupport.com
"EADM" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Navodila za uporabo" = Epson Stylus SX210_SX410_TX210_TX410 Priročnik
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst Sword 2" = Sword 2
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Granado Espada_is1" = Granado Espada
"Halo 2" = Halo 2 for Windows Vista
"hp print screen utility" = hp print screen utility
"HWiNFO32_is1" = HWiNFO32 Version 3.62
"ie8" = Windows Internet Explorer 8
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"Macro Wizard 4.1_is1" = Macro Wizard 4.1
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.9.0
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 10.0.2 (x86 sl)" = Mozilla Firefox 10.0.2 (x86 sl)
"Neffy" = Neffy 1,2,0,22
"Nero - Burning Rom" = Nero - Burning Rom
"npkcxp" = nProtect KeyCrypt
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 12.00.1467" = Opera 12.00
"PhotoScape" = PhotoScape
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sanctum © Coffee Stain Studios_is1" = Sanctum © Coffee Stain Studios version 1
"Steam App 113400" = APB Reloaded
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Tweak UI 2.10" = Tweak UI
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.1
"VMware_Player" = VMware Player
"vsfilter_is1" = DirectVobSub 2.40.4209
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion (North America)
"NCsoft-AionEU" = Aion (Europe)
"sc09-SLO_ZURNAL_MAIN" = Ski Challenge 2009 (zurnal24.si)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Techno Design IP Notify" = LiveSearch Notification Tool
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18/06/2012 00:12:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [11096]. Just-In-Time
debugging this exception failed with the following error: Debugger could not be
started because no user is logged on. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 18/06/2012 00:26:07 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [3184]. Just-In-Time
debugging this exception failed with the following error: Debugger could not be
started because no user is logged on. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 18/06/2012 01:49:29 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [4784]. Just-In-Time
debugging this exception failed with the following error: Debugger could not be
started because no user is logged on. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 18/06/2012 04:28:02 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [6164]. Just-In-Time
debugging this exception failed with the following error: Debugger could not be
started because no user is logged on. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 18/06/2012 04:28:02 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [6164]. Just-In-Time
debugging this exception failed with the following error: Debugger could not be
started because no user is logged on. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 18/06/2012 06:53:21 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1940]. Just-In-Time
debugging this exception failed with the following error: Napaka pri klicu oddaljene
procedure. Check the documentation index for 'Just-in-time debugging, errors' for
more information.
Error - 20/06/2012 05:05:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [2628]. Just-In-Time
debugging this exception failed with the following error: Debugger could not be
started because no user is logged on. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 20/06/2012 07:26:42 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [1856]. Just-In-Time
debugging this exception failed with the following error: Napaka pri klicu oddaljene
procedure. Check the documentation index for 'Just-in-time debugging, errors' for
more information.
Error - 21/06/2012 03:49:06 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = Failed to load user32.dll into the vsjitdebugger.exe process.
Error - 21/06/2012 03:49:36 | Computer Name = SILVO1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in svchost.exe [8000]. Just-In-Time
debugging this exception failed with the following error: Izvajanje strežnika ni
uspelo Check the documentation index for 'Just-in-time debugging, errors' for more
information.
[ OSession Events ]
Error - 28/08/2009 08:25:37 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28/08/2009 08:25:43 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28/08/2009 08:25:46 | Computer Name = SILVO1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = NVIDIA Driver Helper Service storitev se je nepričakovano prekinila.
To je storila 1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = PC Tools Startup and Shutdown Monitor service storitev se je nepričakovano
prekinila. To je storila 1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = Java Quick Starter storitev se je nepričakovano prekinila. To je storila
1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = SQL Server (SQLEXPRESS) storitev se je nepričakovano prekinila. To
je storila 1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = Print Spooler storitev se je nepričakovano prekinila. To je storila
1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = Application Layer Gateway Service storitev se je nepričakovano prekinila.
To je storila 1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7034
Description = NVIDIA Update Service Daemon storitev se je nepričakovano prekinila.
To je storila 1 krat.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7031
Description = SQL Server Browser storitev se je nepričakovano prekinila. To je storila
že 1 krat. Ta popravljalna dejanja bodo izvedena v 60000 milisekundah: Ponovni
zagon storitve.
Error - 21/06/2012 11:16:40 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7031
Description = SAS Core Service storitev se je nepričakovano prekinila. To je storila
že 1 krat. Ta popravljalna dejanja bodo izvedena v 1000 milisekundah: Ponovni zagon
storitve.
Error - 21/06/2012 11:23:38 | Computer Name = SILVO1 | Source = Service Control Manager | ID = 7009
Description = Časovna omejitev (30000 milisekund) pri čakanju, da storitev CardBusService
vzpostavi povezavo.
< End of report >
-
OTL logfile created on: 21/06/2012 09:05:38 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Documents and Settings\Silvo\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: Združeno kraljestvo | Language: ENG | Date Format: dd/MM/yyyy
3.25 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 81.80% Memory free
5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 107.68 Gb Free Space | 23.12% Space Free | Partition Type: NTFS
Computer Name: SILVO1 | User Name: Silvo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/21 09:03:40 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Silvo\My Documents\Downloads\OTL.exe
PRC - [2012/05/15 03:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/04/15 02:05:18 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/04/04 06:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/23 16:38:58 | 001,553,392 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\vsserv.exe
PRC - [2012/03/22 14:32:12 | 001,183,616 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\bdagent.exe
PRC - [2012/03/13 18:24:14 | 000,053,224 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/07/20 04:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 04:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/28 06:50:19 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe
PRC - [2008/09/30 04:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/22 23:54:14 | 000,618,496 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2007/07/11 06:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/12 23:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/03/15 18:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/15 03:36:02 | 000,139,480 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\bdnc.dll
MOD - [2012/03/29 19:58:34 | 000,573,904 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\Bitdefender Threat Scanner\bdsmartdb.dll
MOD - [2012/03/28 00:07:08 | 000,107,520 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\UI\popup.ui
MOD - [2012/03/28 00:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/28 00:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 12:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 12:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 12:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 12:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 12:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 12:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 12:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 12:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/03/12 15:14:58 | 000,270,536 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\avc3al.dll
MOD - [2012/02/09 13:49:02 | 000,092,328 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/01/31 16:45:16 | 001,226,400 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Bitdefender 2012\wslib.dll
MOD - [2012/01/23 20:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 20:20:54 | 000,139,208 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\popup.dll
MOD - [2012/01/23 20:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 20:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 20:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 20:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 16:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 16:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 15:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/05/19 19:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\Antivirus_09430_073\avxdisk.dll
MOD - [2009/07/20 04:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/22 23:54:14 | 000,618,496 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
MOD - [2007/07/22 23:40:30 | 000,053,248 | ---- | M] () -- C:\Program Files\Common Files\AVerMedia\Dll\MsgLog.dll
MOD - [2007/06/12 23:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007/05/22 23:23:34 | 004,591,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007/05/22 06:44:50 | 000,023,552 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006/03/09 09:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe /service -- (LIVESRV)
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\hpdj.exe -- (hpdj)
SRV - [2012/06/14 06:55:22 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/15 03:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/04/26 14:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/04/04 14:08:37 | 000,356,984 | ---- | M] (BitDefender) [Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\Bitdefender Threat Scanner\scan.dll -- (scan)
SRV - [2012/04/04 06:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/23 16:38:58 | 001,553,392 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/03/13 18:24:14 | 000,053,224 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/10/14 23:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/09/06 10:56:38 | 000,247,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/06/20 08:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010/02/19 04:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/20 04:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/06/28 06:50:19 | 000,191,008 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2009/01/08 00:42:54 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/09/30 04:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007/11/06 23:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/04 10:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/04/22 10:15:50 | 000,188,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe -- (CardBusService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva394.sys -- (XDva394)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva393.sys -- (XDva393)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva288.sys -- (XDva288)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva279.sys -- (XDva279)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva275.sys -- (XDva275)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva190.sys -- (XDva190)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTLWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bdfndisf.sys -- (Bdfndisf)
DRV - File not found [File_System | On_Demand | Stopped] -- system32\drivers\bdfm.sys -- (bdfm)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Silvo\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/06/21 04:02:34 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2012/06/19 01:47:00 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/06/17 15:45:24 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2012/06/15 03:36:03 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/04/04 06:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/29 01:53:35 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC011.sys -- (GEMC011)
DRV - [2012/03/24 08:51:51 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC009.sys -- (GEMC009)
DRV - [2012/03/24 08:47:39 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC005.sys -- (GEMC005)
DRV - [2012/03/24 08:45:49 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC003.sys -- (GEMC003)
DRV - [2012/03/24 08:45:20 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC001.sys -- (GEMC001)
DRV - [2012/03/20 20:22:08 | 000,611,520 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/03/20 09:54:50 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC007.sys -- (GEMC007)
DRV - [2012/03/19 01:20:03 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC004.sys -- (GEMC004)
DRV - [2012/03/19 01:19:44 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\GEMC002.sys -- (GEMC002)
DRV - [2012/03/01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\BitDefender\Bitdefender 2012\bdselfpr.sys -- (BDSelfPr)
DRV - [2012/02/17 16:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2011/11/25 14:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2011/11/17 17:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 20:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/09/21 02:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/29 15:13:46 | 000,020,088 | ---- | M] (REALiX) [Kernel | Auto | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2010/09/14 11:21:09 | 000,109,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KbdCap.sys -- (kbdcap)
DRV - [2010/02/20 07:49:33 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 02:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/18 03:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/04/15 04:53:20 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb)
DRV - [2009/04/15 04:52:36 | 000,053,664 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt)
DRV - [2009/01/08 00:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/07/28 08:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/13 11:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/02/24 05:27:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2008/02/22 06:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 06:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 06:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/09/04 10:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/06/19 00:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007/06/19 00:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/19 00:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007/06/19 00:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007/06/19 00:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007/06/19 00:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007/06/19 00:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007/05/21 01:42:46 | 001,180,672 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/04/03 04:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 04:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 04:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007/03/08 17:27:56 | 004,485,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes,DefaultScope = Bing
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{4EA00044-4BB9-4E9A-A818-CAA3F7950317}: "URL" = http://search.avg.com/route/?d=4e0383a6&v=7.5.30.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1142338
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{DB4131FF-29F0-4874-AA0B-D0A1910EEEE7}: "URL" = http://www.google.si/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\{F5A9DC2B-3409-4DFC-A1EE-0114439EE65B}: "URL" = http://www.najdi.si/search.jsp?q={searchTerms}&foxsbar=ie
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\SearchScopes\Bing: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=sl-SI&FORM=MIC2G5
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-362288127-839522115-1016\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.3.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 18:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/15 02:05:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/15 02:04:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 02:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\
[2009/02/09 06:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Extensions
[2012/06/21 07:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions
[2012/06/21 07:15:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012/06/21 07:15:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/07/28 14:29:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\ffxtlbr@Facemoods.com
[2012/06/21 07:15:26 | 000,000,000 | ---D | M] ("MyPlayCity Toolbar") -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\toolbar@ask.com
[2012/05/18 01:34:25 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\extensions\zigboom@ymail.com
[2012/05/12 16:05:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-1.xml
[2011/06/23 11:48:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-10.xml
[2011/08/19 01:18:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-11.xml
[2011/08/31 14:29:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-12.xml
[2011/09/07 03:02:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-13.xml
[2011/09/19 13:20:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-14.xml
[2011/10/01 00:22:15 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-15.xml
[2011/10/14 09:47:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-16.xml
[2011/11/08 05:41:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-17.xml
[2011/11/08 13:33:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-18.xml
[2011/11/09 11:45:48 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-19.xml
[2011/03/05 02:28:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-2.xml
[2011/12/06 07:58:03 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-20.xml
[2012/01/29 04:17:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-21.xml
[2012/02/02 08:05:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-22.xml
[2012/02/13 11:35:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-23.xml
[2012/02/19 05:57:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-24.xml
[2012/02/21 02:19:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-25.xml
[2011/03/24 12:41:36 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-3.xml
[2011/04/29 09:07:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-4.xml
[2011/05/01 03:24:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-5.xml
[2011/05/01 11:23:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-6.xml
[2011/05/05 15:12:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-7.xml
[2011/05/10 01:00:43 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-8.xml
[2011/06/22 02:21:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin-9.xml
[2011/02/24 21:07:13 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\searchplugins\icqplugin.xml
[2012/06/21 07:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 14:29:28 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012/06/15 02:20:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/04/15 02:05:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/09/15 12:09:09 | 000,035,641 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SILVO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KEUDRCDB.DEFAULT\EXTENSIONS\TINYURL.ADDON@FAST-CHAT.CO.UK.XPI
[2012/06/15 02:19:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/19 05:56:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/13 10:02:10 | 000,035,840 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/01 00:19:22 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
[2011/10/01 00:19:22 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
[2011/10/01 00:19:22 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
[2011/11/09 05:52:09 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/10/01 00:19:22 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml
========== Chrome ==========
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.com/?d=4e0383cf&v=7.5.30.4&i=26&tp=ggl-chrome&q={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Iskanje Google = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Silvo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/06/21 08:22:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [bDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1003..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-21-1060284298-362288127-839522115-1016..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: AFEC-CEAB = C:\Documents and Settings\Silvo\Application Data\Seven.exe
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1060284298-362288127-839522115-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937 (WUWebControl Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (NPKCX Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Silvo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Silvo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/21 06:16:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/21 06:16:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/21 06:16:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/21 06:16:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/21 06:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 06:08:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Silvo\Recent
[2012/06/21 05:52:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/21 05:47:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/21 03:57:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/20 14:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\vlc
[2012/06/20 14:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/06/20 09:45:33 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2012/06/20 03:15:28 | 001,191,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2012/06/20 03:15:26 | 009,709,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2012/06/20 03:15:26 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/06/20 03:15:26 | 000,299,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2012/06/20 03:15:26 | 000,282,624 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2012/06/20 03:15:26 | 000,086,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2012/06/20 03:15:25 | 002,157,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2012/06/20 03:15:23 | 004,485,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2012/06/20 03:15:23 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2012/06/20 03:15:23 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2012/06/20 03:15:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2012/06/20 03:15:21 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2012/06/20 03:15:20 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2012/06/20 03:15:20 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2012/06/19 01:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Desktop\RK_Quarantine
[2012/06/18 09:32:01 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2012/06/18 09:32:01 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2012/06/18 09:32:01 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2012/06/18 09:32:01 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2012/06/18 09:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Registry Mechanic
[2012/06/18 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2012/06/18 09:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/06/18 02:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/06/18 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Local Settings\Application Data\Opera
[2012/06/18 02:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Opera
[2012/06/18 02:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/06/18 01:13:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Silvo\Start Menu\Programs\Administrative Tools
[2012/06/17 15:45:24 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2012/06/17 15:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Local Settings\Application Data\eSupport.com
[2012/06/17 14:44:55 | 000,000,000 | ---D | C] -- C:\Rbackup
[2012/06/17 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012/06/15 03:36:04 | 000,340,624 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/06/15 03:36:03 | 000,360,976 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/06/15 03:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/15 03:03:38 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/06/15 03:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2012
[2012/06/15 03:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Bitdefender
[2012/06/15 03:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\QuickScan
[2012/06/15 02:20:02 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/15 02:20:02 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/15 02:20:02 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/15 02:20:02 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/15 02:20:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/15 02:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/13 16:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/05/23 12:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Silvo\Application Data\Mumble
[2012/05/23 12:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mumble
[2012/05/23 12:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011/11/21 14:27:38 | 086,405,736 | ---- | C] (K2 Network, Inc.) -- C:\Program Files\APB_Reloaded_Installer.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/21 09:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/21 09:03:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\MBR.dat
[2012/06/21 08:23:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 08:22:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/21 08:22:25 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
[2012/06/21 08:22:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
[2012/06/21 08:22:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
[2012/06/21 08:22:25 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RMAutoUpdate.job
[2012/06/21 08:21:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/21 07:21:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 05:52:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/06/21 04:11:54 | 003,587,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/21 04:11:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
[2012/06/21 04:11:48 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/06/21 04:02:34 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\disk.sys
[2012/06/21 03:09:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/20 14:00:10 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/06/20 13:57:21 | 022,259,528 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\vlc-2.0.1-win32.exe
[2012/06/20 13:48:58 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/19 01:47:00 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/18 09:32:02 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk
[2012/06/18 09:23:37 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/18 02:15:59 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/06/18 02:15:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/06/17 15:45:24 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2012/06/17 14:41:36 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/06/16 21:38:47 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012/06/15 03:36:04 | 000,340,624 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2012/06/15 03:36:03 | 000,360,976 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/06/15 03:03:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/15 03:03:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/15 03:03:15 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Plus 2012.lnk
[2012/06/15 02:19:52 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/06/15 02:19:52 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/06/15 02:19:52 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/06/15 02:19:52 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/15 02:19:51 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/06/15 02:19:51 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/06/14 11:59:33 | 000,057,108 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\Bambuk.jpg
[2012/06/14 10:42:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/14 06:55:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/14 06:55:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/12 03:33:49 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/06/09 09:29:12 | 000,553,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/09 09:29:12 | 000,107,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/09 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
[2012/06/08 17:46:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/03 08:43:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
[2012/05/30 06:30:01 | 000,308,142 | ---- | M] () -- C:\Documents and Settings\Silvo\Desktop\123.bmp
[2012/05/25 06:12:36 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/25 06:12:36 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/25 06:09:16 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/23 12:47:12 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/05/23 12:44:59 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/21 09:03:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\MBR.dat
[2012/06/21 06:16:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/21 06:16:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/21 06:16:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/21 06:16:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/21 06:16:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/21 05:52:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012/06/21 05:52:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/20 14:00:10 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/06/20 13:57:11 | 022,259,528 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\vlc-2.0.1-win32.exe
[2012/06/19 01:47:00 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/18 09:32:24 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RMAutoUpdate.job
[2012/06/18 09:32:13 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/06/18 09:32:02 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Registry Mechanic.lnk
[2012/06/18 09:32:01 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/06/18 02:15:59 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Silvo\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/06/18 02:15:59 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/06/18 02:15:59 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/06/17 14:41:36 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012/06/15 03:03:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_avchv_01009.Wdf
[2012/06/15 03:03:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/06/15 03:03:15 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bitdefender Antivirus Plus 2012.lnk
[2012/06/14 11:59:22 | 000,057,108 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\Bambuk.jpg
[2012/05/30 06:30:01 | 000,308,142 | ---- | C] () -- C:\Documents and Settings\Silvo\Desktop\123.bmp
[2012/05/23 12:47:12 | 000,002,379 | ---- | C] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12
[2012/05/23 12:41:26 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mumble.lnk
[2012/03/31 09:45:09 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/03/10 02:12:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/03/10 02:12:46 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/03/10 02:12:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/03/10 02:11:56 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/14 03:58:59 | 001,844,091 | ---- | C] () -- C:\Documents and Settings\Silvo\Application Data\1
[2012/01/12 14:03:18 | 000,180,539 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1
[2011/12/28 09:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2011/11/21 14:27:38 | 3830,088,838 | ---- | C] () -- C:\Program Files\Client1.5.3.569583.7z
[2011/11/16 10:33:56 | 000,000,512 | ---- | C] () -- C:\WINDOWS\unlss.ini
[2010/09/18 13:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2010/09/14 11:21:09 | 000,109,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\KbdCap.sys
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/06/25 11:56:43 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2012/03/13 14:44:21 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/09/21 08:45:21 | 000,040,448 | ---- | M] () -- C:\Accountlist Yonichi + Takehito 14-09-2011.doc
[2012/06/21 08:20:38 | 000,006,894 | ---- | M] () -- C:\bdlog.txt
[2012/06/16 21:38:47 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2012/06/21 05:52:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/21 08:31:03 | 000,030,648 | ---- | M] () -- C:\ComboFix.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/06 23:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/06 23:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/06 23:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012/03/24 08:45:20 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC001.sys
[2012/03/19 01:19:44 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC002.sys
[2012/03/24 08:45:49 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC003.sys
[2012/03/19 01:20:03 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC004.sys
[2012/03/24 08:47:39 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC005.sys
[2012/03/20 09:54:50 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC007.sys
[2012/03/24 08:51:51 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC009.sys
[2012/03/29 01:53:35 | 000,072,136 | ---- | M] (www.wiselogic.co.kr) -- C:\GEMC011.sys
[2007/11/06 23:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/02/24 13:26:06 | 000,001,459 | ---- | M] () -- C:\hpfr5100.log
[2010/07/06 01:44:34 | 000,497,640 | ---- | M] () -- C:\img083.jpg
[2007/11/06 23:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/06 23:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/06 23:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/06 23:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/06 23:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/06 23:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/06 23:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/06 23:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/06 23:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/06 23:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/08/04 05:07:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/04 05:07:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 14:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/04 06:47:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/21 08:21:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/08/07 10:10:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/08/07 23:47:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/09/05 05:16:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/09/19 12:13:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/14 09:36:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/16 06:53:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/12/18 11:30:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/08/07 10:10:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/08/07 23:47:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/09/05 05:16:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/09/19 12:13:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/14 09:36:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/16 06:53:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/12/18 11:30:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012/06/21 03:58:50 | 000,112,304 | ---- | M] () -- C:\TDSSKiller.2.7.41.0_21.06.2012_03.55.37_log.txt
[2007/11/06 23:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/06 23:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/06 23:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2012/01/23 12:14:04 | 000,000,162 | -H-- | M] () -- C:\~$Codes.docx
< %USERPROFILE%\*.* >
[2010/10/24 02:41:28 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Silvo\logging.txt
[2012/06/21 08:20:34 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Silvo\ntuser.dat
[2012/06/21 09:06:33 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Silvo\ntuser.dat.LOG
[2012/06/21 08:20:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Silvo\ntuser.ini
[2010/07/21 01:32:17 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Silvo\SI.bin
< %USERPROFILE%\Application Data\*.* >
[2009/10/02 08:46:43 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\$_hpcst$.hpc
[2012/03/07 07:33:05 | 001,844,091 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\1
[2010/08/04 07:27:56 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\default.rss
[2008/08/04 06:55:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Silvo\Application Data\desktop.ini
[2012/03/07 15:30:50 | 000,138,904 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\PnkBstrK.sys
[2010/03/15 05:26:41 | 000,000,180 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\setup.log
[2010/03/15 05:26:11 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Silvo\Application Data\setup_ldm.iss
< %USERPROFILE%\Local Settings\Application Data\*.* >
[2012/03/07 14:51:16 | 000,004,016 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\6B607932-2F07-F673-54B8-E601F1D551B2.txt
[2012/06/20 13:48:58 | 000,174,592 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/20 10:26:47 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\fusioncache.dat
[2012/06/21 04:13:37 | 000,074,680 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2012/06/18 01:24:43 | 005,654,906 | -H-- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\IconCache.db
[2011/12/17 12:05:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Silvo\Local Settings\Application Data\prvlcl.dat
< %AllUsersProfile%\*.* >
< %AllUsersProfile%\Application Data\*.* >
[2008/08/04 06:55:17 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
< %USERPROFILE%\My Documents\*.* >
[2008/09/21 12:34:51 | 000,203,344 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\0921213451Analog TV3.jpg
[2010/05/28 10:59:48 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_1d 3248d.dat
[2009/11/20 01:38:24 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_394ada30.dat
[2012/04/12 11:06:04 | 000,000,342 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_c1b89fb0.dat
[2010/05/03 13:27:03 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\aionmemo_d9d4b6e9.dat
[2009/11/08 10:42:35 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\blabla.bat
[2011/08/22 08:16:41 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Silvo\My Documents\Default.rdp
[2009/12/02 05:20:16 | 000,000,076 | -HS- | M] () -- C:\Documents and Settings\Silvo\My Documents\desktop.ini
[2011/10/31 15:17:33 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\GFWLIVESetupLog.txt
[2011/10/31 15:17:32 | 000,004,586 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\GFWLIVESetupLogVerbose.txt
[2011/01/27 12:40:56 | 000,460,506 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Image.jpg
[2010/11/11 14:03:05 | 000,005,887 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\misc338.gif
[2009/01/08 06:01:25 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Moje mape za izmenjevanje.lnk
[2012/03/08 11:27:55 | 000,000,007 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\mt-e_hook.txt
[2012/03/08 11:27:55 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\mt-x_hook.txt
[2012/05/23 12:47:12 | 000,002,379 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\MumbleAutomaticCertificateBackup.p12
[2009/07/06 14:24:45 | 000,001,175 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\nejc_50@hotmail.com Arhiv map v skupni rabi.lnk
[2008/10/17 07:54:57 | 000,006,144 | -H-- | M] () -- C:\Documents and Settings\Silvo\My Documents\photothumb.db
[2010/04/26 09:16:19 | 842,328,696 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20091029.bin
[2010/04/26 09:07:57 | 018,169,360 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20091029.exe
[2010/04/04 11:35:32 | 1748,348,690 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin
[2010/04/04 11:35:32 | 1679,764,859 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin2
[2010/04/04 11:35:28 | 1674,701,606 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.bin3
[2010/04/04 11:32:34 | 021,656,176 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Sword_of_the_New_World_20100331.exe
[2011/02/11 10:15:56 | 000,015,360 | -HS- | M] () -- C:\Documents and Settings\Silvo\My Documents\Thumbs.db
[2011/02/16 04:14:38 | 000,209,067 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\ts3_clientui-win32-12815-2011-02-16 12_14_33.015625.dmp
[2011/04/23 13:33:43 | 000,218,339 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\ts3_clientui-win32-12815-2011-04-23 22_33_41.755625.dmp
[2009/10/27 23:10:03 | 000,009,509 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Uninstall Mass Effect.log
[2010/01/07 08:10:38 | 000,014,825 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Vloga.docx
[2011/05/12 03:36:38 | 109,212,672 | ---- | M] (VMware, Inc.) -- C:\Documents and Settings\Silvo\My Documents\VMware-player-3.1.4-385536.exe
[2008/09/21 09:31:57 | 000,010,948 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\Zapisnik razredne ure 19.9.2008.docx
[2008/08/11 05:48:53 | 000,015,803 | ---- | M] () -- C:\Documents and Settings\Silvo\My Documents\zgodla.docx
< End of report >
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-21 08:57:14
-----------------------------
08:57:14.875 OS Version: Windows 5.1.2600 Service Pack 3
08:57:14.875 Number of processors: 2 586 0x1706
08:57:14.875 ComputerName: SILVO1 UserName: Silvo
08:57:22.546 Initialize success
09:01:45.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
09:01:45.890 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01109 Size: 476940MB BusType: 3
09:01:45.890 Disk 0 MBR read successfully
09:01:45.890 Disk 0 MBR scan
09:01:45.890 Disk 0 Windows XP default MBR code
09:01:45.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
09:01:45.890 Disk 0 scanning sectors +976752000
09:01:45.968 Disk 0 scanning C:\WINDOWS\system32\drivers
09:01:53.515 Service scanning
09:02:07.281 Modules scanning
09:02:12.078 Disk 0 trace - called modules:
09:02:12.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:02:12.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b03dab8]
09:02:12.109 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000092[0x8b06e258]
09:02:12.109 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8b045d98]
09:02:12.109 Scan finished successfully
09:03:23.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Silvo\Desktop\MBR.dat"
09:03:23.250 The log file has been saved successfully to "C:\Documents and Settings\Silvo\Desktop\aswMBR.txt"
-
It says it's recommended to download Avast. Should I?
-
ComboFix 12-06-21.01 - Silvo 21/06/2012 8:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2657 [GMT -7:00]
Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc
2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera
2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera
2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup
2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender
2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender
2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan
2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java
2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble
2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 15:22 . 2012-06-21 15:22 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat
+ 2008-08-04 12:12 . 2012-06-21 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 15:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 15:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU]
.
c:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\tera fake\\TERA-Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"56799:TCP"= 56799:TCP:Pando Media Booster
"56799:UDP"= 56799:UDP:Pando Media Booster
"21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009
"56191:TCP"= 56191:TCP:Pando Media Booster
"56191:UDP"= 56191:UDP:Pando Media Booster
"57819:TCP"= 57819:TCP:Pando Media Booster
"57819:UDP"= 57819:UDP:Pando Media Booster
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55]
.
2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08]
.
2012-06-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50,
25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\
"??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5,
34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\
"rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2680)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-06-21 08:31:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 15:30
ComboFix2.txt 2012-06-21 14:57
ComboFix3.txt 2012-06-21 14:40
ComboFix4.txt 2012-06-21 13:42
.
Pre-Run: 115,620,388,864 bytes free
Post-Run: 115,601,391,616 prosto bajtov
.
- - End Of File - - 685CCFC30CF4EA22AA414C870FE2CD89
-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Silvo at 8:06:19 on 2012-06-21
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2498 [GMT -7:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
============== Running Processes ===============
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [RunNarrator] Narrator.exe
mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe
StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344]
S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472]
.
=============== Created Last 30 ================
.
2012-06-21 13:16:14 98816 ----a-w- c:\windows\sed.exe
2012-06-21 13:16:14 518144 ----a-w- c:\windows\SWREG.exe
2012-06-21 13:16:14 256000 ----a-w- c:\windows\PEV.exe
2012-06-21 13:16:14 208896 ----a-w- c:\windows\MBR.exe
2012-06-21 12:52:27 -------- d-sha-r- C:\cmdcons
2012-06-21 10:57:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools
2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera
2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com
2012-06-17 21:44:55 -------- d-----w- C:\Rbackup
2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender
2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan
2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble
2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble
.
==================== Find3M ====================
.
2012-06-21 11:02:34 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
.
============= FINISH: 8:06:36.78 ===============
-
ComboFix 12-06-21.01 - Silvo 21/06/2012 7:49.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2658 [GMT -7:00]
Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
FILE ::
"c:\documents and settings\Silvo\Application Data\Seven.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc
2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera
2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera
2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup
2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender
2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender
2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan
2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java
2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble
2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 14:34 . 2012-06-21 14:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU]
.
c:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\tera fake\\TERA-Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"56799:TCP"= 56799:TCP:Pando Media Booster
"56799:UDP"= 56799:UDP:Pando Media Booster
"21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009
"56191:TCP"= 56191:TCP:Pando Media Booster
"56191:UDP"= 56191:UDP:Pando Media Booster
"57819:TCP"= 57819:TCP:Pando Media Booster
"57819:UDP"= 57819:UDP:Pando Media Booster
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55]
.
2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08]
.
2012-06-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 07:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50,
25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\
"??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5,
34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\
"rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2268)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-21 07:57:19
ComboFix-quarantined-files.txt 2012-06-21 14:57
ComboFix2.txt 2012-06-21 14:40
ComboFix3.txt 2012-06-21 13:42
.
Pre-Run: 115,633,319,936 bytes free
Post-Run: 115,609,436,160 prosto bajtov
.
- - End Of File - - BE4CFDBCBCAFB3296E9CE3054A09A88B
-
ComboFix 12-06-21.01 - Silvo 21/06/2012 7:24.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2653 [GMT -7:00]
Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Silvo\My Documents\Downloads\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
FILE ::
"c:\documents and settings\silvo\local settings\Temp\DAT9A2.tmp.exe"
"c:\windows\system\178918.exe"
"c:\windows\system32\drivers\pavproc.sys"
"c:\windows\system32\DRIVERS\ShlDrv51.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar
c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar\config.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_17891
-------\Legacy_AVG_SECURITY_TOOLBAR_SERVICE
-------\Legacy_JAKFCSWX
-------\Legacy_PAVPROC
-------\Legacy_PAVPRSRV
-------\Legacy_SHLDDRV
-------\Service_17891
-------\Service_AVG Security Toolbar Service
-------\Service_jakfcswx
-------\Service_PavProc
-------\Service_PavPrSrv
-------\Service_ShldDrv
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc
2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera
2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera
2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup
2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender
2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender
2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan
2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java
2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble
2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_13.32.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 14:34 . 2012-06-21 14:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-04 12:12 . 2012-06-21 14:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-04 12:12 . 2012-06-21 13:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"AFEC-CEAB"="c:\documents and settings\Silvo\Application Data\Seven.exe" [bU]
.
c:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\tera fake\\TERA-Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"56799:TCP"= 56799:TCP:Pando Media Booster
"56799:UDP"= 56799:UDP:Pando Media Booster
"21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009
"56191:TCP"= 56191:TCP:Pando Media Booster
"56191:UDP"= 56191:UDP:Pando Media Booster
"57819:TCP"= 57819:TCP:Pando Media Booster
"57819:UDP"= 57819:UDP:Pando Media Booster
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55]
.
2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08]
.
2012-06-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 07:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50,
25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\
"??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5,
34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\
"rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\NVRSENG.DLL
c:\windows\system32\nvapi.dll
c:\windows\system32\nvshell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Epson Software\Easy Photo Print\EPTBL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2012-06-21 07:40:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 14:40
ComboFix2.txt 2012-06-21 13:42
.
Pre-Run: 115,635,351,552 bytes free
Post-Run: 115,616,382,976 prosto bajtov
.
- - End Of File - - 8ED716934614853E067210330D70CAF3
-
ComboFix 12-06-21.01 - Silvo 21/06/2012 6:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2529 [GMT -7:00]
Running from: c:\documents and settings\Silvo\My Documents\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1339754446.bdinstall.bin
c:\documents and settings\All Users\Application Data\FindXplorer
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TorrentEasy\fdmbtsupp.dll
c:\documents and settings\LocalService\Local Settings\Application Data\$GPATH
c:\documents and settings\LocalService\Local Settings\Application Data\sLT.exf
c:\documents and settings\Silvo\Application Data\chrtmp
c:\documents and settings\Silvo\Application Data\DROA45.tmp
c:\documents and settings\Silvo\Application Data\PriceGong
c:\documents and settings\Silvo\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Silvo\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Silvo\Application Data\SQLite3.dll
c:\documents and settings\Silvo\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Silvo\WINDOWS
C:\install.exe
c:\program files\FindXplorer
c:\program files\FindXplorer\uninstall.exe
c:\program files\Internet Explorer\SET1E9.tmp
C:\Thumbs.db
c:\windows\keys.ini
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\logs
c:\windows\system32\MSOffice
c:\windows\system32\MUI\0424\tourstart.exe
c:\windows\system32\npkpdb.dll
c:\windows\system32\SET1CA.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1D5.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1DE.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E4.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1E8.tmp
c:\windows\system32\shimg.dll
c:\windows\system32\system
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
c:\windows\Web\ddid
c:\windows\Web\ddnm
c:\windows\Web\ddsn
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Legacy_HOST_GENERIC_PROCESS
-------\Legacy_NVUPDSERVICE
-------\Service_AMService
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:57 . 2012-06-21 10:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 21:00 . 2012-06-20 23:05 -------- d-----w- c:\documents and settings\Silvo\Application Data\vlc
2012-06-20 16:45 . 2005-05-04 01:43 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47 . 2012-06-19 08:47 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32 . 2012-04-26 21:08 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32 . 2008-09-18 04:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:32 . 2008-04-02 22:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32 . 2008-04-02 22:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:31 . 2012-06-18 16:33 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31 . 2012-06-18 16:32 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-18 09:16 . 2012-06-18 09:16 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\Opera
2012-06-18 09:15 . 2012-06-18 09:16 -------- d-----w- c:\program files\Opera
2012-06-17 22:45 . 2012-06-17 22:45 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45 . 2012-06-17 22:45 -------- d-----w- c:\documents and settings\Silvo\Local Settings\Application Data\eSupport.com
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- C:\Rbackup
2012-06-17 21:41 . 2012-06-18 09:52 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-16 22:44 . 2012-06-16 22:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2012-06-16 21:19 . 2012-06-16 21:19 -------- d-----w- c:\documents and settings\Maja\Application Data\Bitdefender
2012-06-15 10:36 . 2012-06-15 10:36 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36 . 2012-06-15 10:36 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04 . 2012-06-15 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
2012-06-15 10:03 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03 . 2012-06-15 10:03 -------- d-----w- c:\documents and settings\Silvo\Application Data\Bitdefender
2012-06-15 10:00 . 2012-06-15 10:00 -------- d-----w- c:\documents and settings\Silvo\Application Data\QuickScan
2012-06-15 09:21 . 2012-06-15 09:22 -------- d-----w- c:\documents and settings\Maja\Local Settings\Application Data\AskToolbar
2012-06-15 09:20 . 2012-06-15 09:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20 . 2012-06-15 09:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-15 09:19 . 2012-06-15 09:19 -------- d-----w- c:\program files\Java
2012-05-23 19:45 . 2012-06-16 22:40 -------- d-----w- c:\documents and settings\Silvo\Application Data\Mumble
2012-05-23 19:33 . 2012-05-23 19:44 -------- d-----w- c:\program files\Mumble
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:02 . 2004-08-03 21:59 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19 . 2011-11-10 13:40 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55 . 2012-04-19 13:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55 . 2011-05-22 20:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:18 . 2012-03-10 09:11 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2012-03-10 09:11 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2012-03-10 09:11 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-11 09:20 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-11 09:20 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-08-04 12:27 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-08-04 12:27 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-08-04 12:27 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2008-08-04 12:27 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18 . 2008-08-04 12:27 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 09:43 . 2008-08-04 12:27 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2008-08-04 12:27 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2008-08-04 12:27 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2008-08-04 12:27 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2008-08-04 12:27 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2008-08-04 12:27 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2008-08-04 12:27 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2008-08-04 12:27 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2008-08-04 12:27 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2008-08-04 12:27 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2008-08-04 12:27 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2008-08-04 12:27 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2008-08-04 12:27 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2009-07-14 11:35 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-07-14 11:34 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-07-14 11:34 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-07-14 11:34 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-07-14 11:34 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56 . 2011-07-08 20:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53 . 2012-03-29 08:53 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51 . 2012-03-18 21:44 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47 . 2012-03-18 16:37 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45 . 2012-03-18 16:32 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19 . 2011-11-21 21:27 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
2012-02-19 12:56 . 2011-05-05 22:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-08-13 17:02 . 2008-08-13 17:02 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-04-15 296056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1183616]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 16125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo_2\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Silvo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-8-4 618496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Silvo^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Silvo\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-01-29 13:01 23975720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-14 13:42 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Games\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Launcher\\APBLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\APB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\apb reloaded\\Binaries\\VivoxVoiceService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\tera fake\\TERA-Launcher.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13677:TCP"= 13677:TCP:BitComet 13677 TCP
"13677:UDP"= 13677:UDP:BitComet 13677 UDP
"57769:TCP"= 57769:TCP:Pando Media Booster
"57769:UDP"= 57769:UDP:Pando Media Booster
"57495:TCP"= 57495:TCP:Pando Media Booster
"57495:UDP"= 57495:UDP:Pando Media Booster
"56799:TCP"= 56799:TCP:Pando Media Booster
"56799:UDP"= 56799:UDP:Pando Media Booster
"21688:TCP"= 21688:TCP:@xpsp2res.dll,-22009
"56191:TCP"= 56191:TCP:Pando Media Booster
"56191:UDP"= 56191:UDP:Pando Media Booster
"57819:TCP"= 57819:TCP:Pando Media Booster
"57819:UDP"= 57819:UDP:Pando Media Booster
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [20/03/2012 20:22 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [19/01/2010 19:32 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 09:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 14:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 16:38 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [18/03/2012 05:49 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [24/11/2010 07:07 20088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2011 13:25 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [10/03/2012 02:27 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/06/2012 09:32 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\BitDefender\Bitdefender 2012\updatesrv.exe [13/03/2012 18:24 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [04/08/2008 05:21 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [25/11/2011 14:59 240184]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [04/08/2008 05:38 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [14/09/2010 11:21 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/07/2011 13:25 22344]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [04/08/2008 07:18 188416]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19/07/2009 09:01 247096]
S2 jakfcswx;jakfcswx;"c:\docume~1\Silvo\LOCALS~1\Temp\DAT9A2.tmp.exe" --SERVICE --> c:\docume~1\Silvo\LOCALS~1\Temp\DAT9A2.tmp.exe [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19/04/2012 06:28 257224]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [17/02/2012 16:45 447208]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys --> c:\windows\system32\DRIVERS\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [17/11/2011 17:38 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 03:58 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [17/06/2012 15:45 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02/10/2009 08:46 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [18/03/2012 09:32 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [19/03/2012 01:19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [18/03/2012 09:32 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [19/03/2012 01:20 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [18/03/2012 09:37 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [18/03/2012 11:24 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [18/03/2012 14:44 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [29/03/2012 01:53 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/08/2009 12:29 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/07/2011 13:07 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [07/08/2008 06:27 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [07/08/2008 06:27 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [07/08/2008 06:27 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [07/08/2008 06:27 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [07/08/2008 06:28 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [07/08/2008 06:27 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [07/08/2008 06:27 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 04:37 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [14/10/2011 23:57 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\XDva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\XDva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02/10/2009 08:46 233472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
modyurvh
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:55]
.
2012-06-09 c:\windows\Tasks\AdobeAAMUpdater-1.0-SILVO1-Nadja.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-27 01:44]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 11:56]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08335e74765c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 19:29]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 15:45]
.
2012-06-21 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2012-06-18 21:08]
.
2012-06-21 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-06-18 21:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60}: NameServer = 193.189.160.13,193.189.160.23
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Silvo\Application Data\Mozilla\Firefox\Profiles\keudrcdb.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
HKLM-Explorer_Run-AFEC-CEAB - c:\documents and settings\Silvo\Application Data\Seven.exe
AddRemove-FindXplorer - c:\program files\FindXplorer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 06:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:8c,33,68,01,b0,79,c2,6e,8d,dc,26,ec,bc,fc,38,92,35,0c,fd,60,4a,41,50,
25,12,86,a3,7a,91,f7,42,11,72,ce,ce,7f,c7,a7,c1,ed,98,dc,c7,bc,52,4b,d4,c4,\
"??"=hex:8c,2e,ba,30,30,f7,7b,cf,e6,5b,fc,8c,37,11,23,7d
.
[HKEY_USERS\S-1-5-21-1060284298-362288127-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,43,8b,be,c7,fb,7c,e8,d1,c0,c4,1d,7b,4a,fb,8d,e0,b8,8f,23,f5,
34,38,31,7a,41,71,bd,57,6c,84,13,02,db,70,67,05,d1,fd,38,83,6d,9d,d4,39,4e,\
"rkeysecu"=hex:8b,72,cf,6f,94,82,52,08,a8,f0,54,62,b4,bb,5f,33
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2012-06-21 06:42:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 13:42
.
Pre-Run: 115,469,697,024 bytes free
Post-Run: 115,648,008,192 bytes free
.
- - End Of File - - C8E17B9B5DF63E1778E338AB6374398B
-
My computer crashed at stage 6 or 7. Should I try to run it again?
-
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Različica baze: v2012.06.21.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Silvo :: SILVO1 [skrbnik]
21/06/2012 04:18:44
mbam-log-2012-06-21 (04-18-44).txt
Tip pregleda: Hitri pregled
Možnosti pregleda omogočene: Spomin | Zagon | Register | Datotečni sistem | Hevristika/Dodatno | Hevristika/Shuriken | PUP | PUM
Možnosti pregleda onemogočene: P2P
Preverjenih objektov: 306867
Pretečen čas: 11 minut, 55 sekund
Odkritih spominskih procesov: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih spominskih modulov: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih ključev registra: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih vrednosti registra: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih vnosov v register: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih map: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih datotek: 1
C:\Documents and Settings\Silvo\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.ToolbarDownloader) -> Poslano v karanteno in uspešno izbrisano.
(konec)
-
Oh, and thank you so much for the fast response. I can already see the difference.
-
03:55:37.0062 5440 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
03:55:37.0140 5440 ============================================================
03:55:37.0140 5440 Current date / time: 2012/06/21 03:55:37.0140
03:55:37.0140 5440 SystemInfo:
03:55:37.0140 5440
03:55:37.0140 5440 OS Version: 5.1.2600 ServicePack: 3.0
03:55:37.0140 5440 Product type: Workstation
03:55:37.0140 5440 ComputerName: SILVO1
03:55:37.0140 5440 UserName: Silvo
03:55:37.0140 5440 Windows directory: C:\WINDOWS
03:55:37.0140 5440 System windows directory: C:\WINDOWS
03:55:37.0140 5440 Processor architecture: Intel x86
03:55:37.0140 5440 Number of processors: 2
03:55:37.0140 5440 Page size: 0x1000
03:55:37.0140 5440 Boot type: Normal boot
03:55:37.0140 5440 ============================================================
03:55:39.0984 5440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:55:40.0000 5440 ============================================================
03:55:40.0000 5440 \Device\Harddisk0\DR0:
03:55:40.0000 5440 MBR partitions:
03:55:40.0000 5440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
03:55:40.0000 5440 ============================================================
03:55:40.0015 5440 C: <-> \Device\Harddisk0\DR0\Partition0
03:55:40.0015 5440 ============================================================
03:55:40.0015 5440 Initialize success
03:55:40.0015 5440 ============================================================
03:56:15.0906 7628 ============================================================
03:56:15.0906 7628 Scan started
03:56:15.0906 7628 Mode: Manual; SigCheck; TDLFS;
03:56:15.0906 7628 ============================================================
03:56:16.0281 7628 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
03:56:16.0390 7628 !SASCORE - ok
03:56:16.0437 7628 17891 - ok
03:56:16.0500 7628 Abiosdsk - ok
03:56:16.0500 7628 abp480n5 - ok
03:56:16.0546 7628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
03:56:23.0187 7628 ACPI - ok
03:56:23.0218 7628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
03:56:23.0328 7628 ACPIEC - ok
03:56:23.0406 7628 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:56:23.0437 7628 AdobeFlashPlayerUpdateSvc - ok
03:56:23.0453 7628 adpu160m - ok
03:56:23.0484 7628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
03:56:23.0609 7628 aec - ok
03:56:23.0640 7628 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
03:56:23.0671 7628 AegisP ( UnsignedFile.Multi.Generic ) - warning
03:56:23.0671 7628 AegisP - detected UnsignedFile.Multi.Generic (1)
03:56:23.0703 7628 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
03:56:23.0781 7628 AFD - ok
03:56:23.0781 7628 Aha154x - ok
03:56:23.0781 7628 aic78u2 - ok
03:56:23.0781 7628 aic78xx - ok
03:56:23.0828 7628 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
03:56:23.0921 7628 Alerter - ok
03:56:23.0937 7628 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
03:56:23.0984 7628 ALG - ok
03:56:23.0984 7628 AliIde - ok
03:56:24.0000 7628 AMService - ok
03:56:24.0000 7628 amsint - ok
03:56:24.0031 7628 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
03:56:24.0093 7628 AppMgmt - ok
03:56:24.0093 7628 asc - ok
03:56:24.0093 7628 asc3350p - ok
03:56:24.0093 7628 asc3550 - ok
03:56:24.0234 7628 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
03:56:24.0250 7628 aspnet_state - ok
03:56:24.0265 7628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
03:56:24.0375 7628 AsyncMac - ok
03:56:24.0406 7628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
03:56:24.0500 7628 atapi - ok
03:56:24.0531 7628 AtcL001 (f732284e3ca19b38239853e2711041d4) C:\WINDOWS\system32\DRIVERS\l151x86.sys
03:56:24.0578 7628 AtcL001 - ok
03:56:24.0578 7628 Atdisk - ok
03:56:24.0593 7628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
03:56:24.0671 7628 Atmarpc - ok
03:56:24.0718 7628 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
03:56:24.0812 7628 AudioSrv - ok
03:56:24.0843 7628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
03:56:24.0921 7628 audstub - ok
03:56:24.0968 7628 avc3 (f0c0e213d6d811384a49981adff0b6c0) C:\WINDOWS\system32\DRIVERS\avc3.sys
03:56:25.0046 7628 avc3 - ok
03:56:25.0062 7628 avchv (a64529781e5b9cc454666a33a24e3e1d) C:\WINDOWS\system32\DRIVERS\avchv.sys
03:56:25.0078 7628 avchv - ok
03:56:25.0109 7628 avckf (2bce314a25e71298add6794bfbd66266) C:\WINDOWS\system32\DRIVERS\avckf.sys
03:56:25.0109 7628 avckf - ok
03:56:25.0187 7628 AVerBDA3x (87a76ec8bf8ed0f67e548c4a8e1efb90) C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys
03:56:25.0343 7628 AVerBDA3x - ok
03:56:25.0375 7628 AVG Security Toolbar Service - ok
03:56:25.0375 7628 bdfm - ok
03:56:25.0375 7628 Bdfndisf - ok
03:56:25.0421 7628 bdfsfltr (5ef7ac38b4a7dc80860d7ffafac78c36) C:\WINDOWS\system32\drivers\bdfsfltr.sys
03:56:25.0421 7628 bdfsfltr - ok
03:56:25.0484 7628 bdftdif (f7d825f7e47d8a7865f5d2156b1b7a24) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
03:56:25.0500 7628 bdftdif - ok
03:56:25.0546 7628 bdsandbox (e260c0079b5c1107b87e98f356292004) C:\WINDOWS\system32\drivers\bdsandbox.sys
03:56:25.0562 7628 bdsandbox - ok
03:56:25.0640 7628 bdselfpr (042941c8e50f38e34c3c345f45e16cf3) C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys
03:56:25.0656 7628 bdselfpr - ok
03:56:25.0671 7628 BDVEDISK (375cd0b9f433465ec6f50d4df44e9448) C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
03:56:25.0687 7628 BDVEDISK - ok
03:56:25.0718 7628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
03:56:25.0812 7628 Beep - ok
03:56:25.0859 7628 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
03:56:25.0968 7628 BITS - ok
03:56:26.0000 7628 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
03:56:26.0078 7628 Browser - ok
03:56:26.0156 7628 CardBusService (c0acddc7e54cdd9c580e069bd1ea0056) C:\Program Files\Common Files\AVerMedia\Service\CardBusService.exe
03:56:26.0171 7628 CardBusService ( UnsignedFile.Multi.Generic ) - warning
03:56:26.0171 7628 CardBusService - detected UnsignedFile.Multi.Generic (1)
03:56:26.0187 7628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
03:56:26.0281 7628 cbidf2k - ok
03:56:26.0328 7628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
03:56:26.0437 7628 CCDECODE - ok
03:56:26.0437 7628 cd20xrnt - ok
03:56:26.0453 7628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
03:56:26.0546 7628 Cdaudio - ok
03:56:26.0546 7628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
03:56:26.0984 7628 Cdfs - ok
03:56:27.0000 7628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
03:56:27.0109 7628 Cdrom - ok
03:56:27.0109 7628 Changer - ok
03:56:27.0125 7628 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
03:56:27.0218 7628 CiSvc - ok
03:56:27.0234 7628 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
03:56:27.0328 7628 ClipSrv - ok
03:56:27.0453 7628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:56:27.0468 7628 clr_optimization_v2.0.50727_32 - ok
03:56:27.0500 7628 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:56:27.0531 7628 clr_optimization_v4.0.30319_32 - ok
03:56:27.0531 7628 CmdIde - ok
03:56:27.0531 7628 COMSysApp - ok
03:56:27.0531 7628 Cpqarray - ok
03:56:27.0593 7628 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
03:56:27.0609 7628 cpudrv - ok
03:56:27.0625 7628 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
03:56:27.0640 7628 cpuz135 - ok
03:56:27.0656 7628 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
03:56:27.0734 7628 CryptSvc - ok
03:56:27.0734 7628 dac2w2k - ok
03:56:27.0734 7628 dac960nt - ok
03:56:27.0781 7628 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
03:56:27.0843 7628 DcomLaunch - ok
03:56:27.0890 7628 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
03:56:27.0984 7628 Dhcp - ok
03:56:28.0000 7628 Disk (b0f0f54f12e1ffe1ec5c214e3abd56b5) C:\WINDOWS\system32\DRIVERS\disk.sys
03:56:28.0000 7628 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: b0f0f54f12e1ffe1ec5c214e3abd56b5, Fake md5: 044452051f3e02e7963599fc8f4f3e25
03:56:28.0000 7628 Disk ( Rootkit.Win32.TDSS.tdl3 ) - infected
03:56:28.0000 7628 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
03:56:28.0015 7628 dmadmin - ok
03:56:28.0062 7628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
03:56:28.0156 7628 dmboot - ok
03:56:28.0187 7628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
03:56:28.0296 7628 dmio - ok
03:56:28.0312 7628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
03:56:28.0406 7628 dmload - ok
03:56:28.0437 7628 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
03:56:28.0515 7628 dmserver - ok
03:56:28.0546 7628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
03:56:28.0640 7628 DMusic - ok
03:56:28.0671 7628 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
03:56:28.0703 7628 Dnscache - ok
03:56:28.0734 7628 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
03:56:28.0828 7628 Dot3svc - ok
03:56:28.0828 7628 dpti2o - ok
03:56:28.0828 7628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
03:56:28.0906 7628 drmkaud - ok
03:56:28.0921 7628 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
03:56:28.0953 7628 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning
03:56:28.0953 7628 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)
03:56:28.0953 7628 EagleNT - ok
03:56:28.0984 7628 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
03:56:29.0078 7628 EapHost - ok
03:56:29.0093 7628 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
03:56:29.0187 7628 ERSvc - ok
03:56:29.0218 7628 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
03:56:29.0234 7628 Eventlog - ok
03:56:29.0281 7628 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
03:56:29.0328 7628 EventSystem - ok
03:56:29.0359 7628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
03:56:29.0453 7628 Fastfat - ok
03:56:29.0484 7628 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
03:56:29.0531 7628 FastUserSwitchingCompatibility - ok
03:56:29.0562 7628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
03:56:29.0640 7628 Fdc - ok
03:56:29.0656 7628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
03:56:29.0734 7628 Fips - ok
03:56:29.0734 7628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
03:56:29.0828 7628 Flpydisk - ok
03:56:29.0875 7628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
03:56:29.0953 7628 FltMgr - ok
03:56:30.0078 7628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
03:56:30.0093 7628 FontCache3.0.0.0 - ok
03:56:30.0125 7628 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
03:56:30.0140 7628 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0140 7628 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
03:56:30.0171 7628 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
03:56:30.0218 7628 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0218 7628 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
03:56:30.0250 7628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
03:56:30.0343 7628 Fs_Rec - ok
03:56:30.0359 7628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
03:56:30.0484 7628 Ftdisk - ok
03:56:30.0500 7628 GEMC001 (e13d7a6ce0fa36326c56532595a2ca73) C:\GEMC001.sys
03:56:30.0531 7628 GEMC001 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0531 7628 GEMC001 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0578 7628 GEMC002 (b937bdd541da5a423ba8c887df59f1e0) C:\GEMC002.sys
03:56:30.0609 7628 GEMC002 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0609 7628 GEMC002 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0625 7628 GEMC003 (de204595d48ae1714e21da4bd7bf1a7b) C:\GEMC003.sys
03:56:30.0656 7628 GEMC003 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0656 7628 GEMC003 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0671 7628 GEMC004 (e91d4b3d552fb303d203fd69c744201f) C:\GEMC004.sys
03:56:30.0703 7628 GEMC004 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0703 7628 GEMC004 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0718 7628 GEMC005 (f7e62c64b36fe6e3e28bbf695e845561) C:\GEMC005.sys
03:56:30.0750 7628 GEMC005 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0750 7628 GEMC005 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0796 7628 GEMC007 (f57292cab90e63a28fd9af9f30bc1ac8) C:\GEMC007.sys
03:56:30.0843 7628 GEMC007 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0843 7628 GEMC007 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0890 7628 GEMC009 (d555d20a58b376064cc5650c476ca95f) C:\GEMC009.sys
03:56:30.0921 7628 GEMC009 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0921 7628 GEMC009 - detected UnsignedFile.Multi.Generic (1)
03:56:30.0953 7628 GEMC011 (083bd2ddf3ed2fe5f9a93d5e2cd63517) C:\GEMC011.sys
03:56:30.0968 7628 GEMC011 ( UnsignedFile.Multi.Generic ) - warning
03:56:30.0968 7628 GEMC011 - detected UnsignedFile.Multi.Generic (1)
03:56:31.0000 7628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
03:56:31.0093 7628 Gpc - ok
03:56:31.0296 7628 gupdate1ca19f0d79b2096 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
03:56:31.0296 7628 gupdate1ca19f0d79b2096 - ok
03:56:31.0312 7628 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
03:56:31.0312 7628 gupdatem - ok
03:56:31.0375 7628 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
03:56:31.0390 7628 gusvc - ok
03:56:31.0437 7628 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys
03:56:31.0453 7628 hamachi - ok
03:56:31.0484 7628 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
03:56:31.0515 7628 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
03:56:31.0515 7628 HDAudBus - detected UnsignedFile.Multi.Generic (1)
03:56:31.0562 7628 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
03:56:31.0656 7628 helpsvc - ok
03:56:31.0687 7628 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
03:56:31.0796 7628 HidServ - ok
03:56:31.0828 7628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
03:56:31.0921 7628 HidUsb - ok
03:56:31.0937 7628 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
03:56:32.0031 7628 hkmsvc - ok
03:56:32.0156 7628 hpdj - ok
03:56:32.0156 7628 hpn - ok
03:56:32.0203 7628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
03:56:32.0250 7628 HTTP - ok
03:56:32.0312 7628 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
03:56:32.0406 7628 HTTPFilter - ok
03:56:32.0484 7628 HWiNFO32 (ac1e9496ba0ac3b27b45f2228ed51b2c) C:\Program Files\HWiNFO32\HWiNFO32.SYS
03:56:32.0484 7628 HWiNFO32 - ok
03:56:32.0484 7628 i2omgmt - ok
03:56:32.0484 7628 i2omp - ok
03:56:32.0500 7628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
03:56:32.0593 7628 i8042prt - ok
03:56:32.0671 7628 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
03:56:32.0703 7628 IDriverT ( UnsignedFile.Multi.Generic ) - warning
03:56:32.0703 7628 IDriverT - detected UnsignedFile.Multi.Generic (1)
03:56:32.0828 7628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:56:32.0875 7628 idsvc - ok
03:56:32.0890 7628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
03:56:32.0984 7628 Imapi - ok
03:56:33.0015 7628 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
03:56:33.0093 7628 ImapiService - ok
03:56:33.0093 7628 ini910u - ok
03:56:33.0453 7628 IntcAzAudAddService (6ed742d93bcf9af7718bbbe8f080dbbd) C:\WINDOWS\system32\drivers\RtkHDAud.sys
03:56:33.0718 7628 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
03:56:33.0718 7628 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
03:56:33.0796 7628 IntelIde - ok
03:56:33.0843 7628 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
03:56:33.0921 7628 intelppm - ok
03:56:33.0953 7628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
03:56:34.0046 7628 Ip6Fw - ok
03:56:34.0078 7628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
03:56:34.0171 7628 IpFilterDriver - ok
03:56:34.0187 7628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
03:56:34.0265 7628 IpInIp - ok
03:56:34.0296 7628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
03:56:34.0390 7628 IpNat - ok
03:56:34.0406 7628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
03:56:34.0500 7628 IPSec - ok
03:56:34.0500 7628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
03:56:34.0562 7628 IRENUM - ok
03:56:34.0578 7628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
03:56:34.0656 7628 isapnp - ok
03:56:34.0796 7628 jakfcswx - ok
03:56:34.0906 7628 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
03:56:34.0921 7628 JavaQuickStarterService - ok
03:56:34.0968 7628 kbdcap (d96ad2e7e91b994f81779144f56bed73) C:\WINDOWS\system32\drivers\kbdcap.sys
03:56:35.0000 7628 kbdcap ( UnsignedFile.Multi.Generic ) - warning
03:56:35.0000 7628 kbdcap - detected UnsignedFile.Multi.Generic (1)
03:56:35.0031 7628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
03:56:35.0109 7628 Kbdclass - ok
03:56:35.0125 7628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
03:56:35.0218 7628 kbdhid - ok
03:56:35.0250 7628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
03:56:35.0343 7628 kmixer - ok
03:56:35.0375 7628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
03:56:35.0437 7628 KSecDD - ok
03:56:35.0437 7628 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
03:56:35.0453 7628 L8042Kbd - ok
03:56:35.0484 7628 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
03:56:35.0515 7628 lanmanserver - ok
03:56:35.0546 7628 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
03:56:35.0578 7628 lanmanworkstation - ok
03:56:35.0593 7628 lbrtfdc - ok
03:56:35.0687 7628 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
03:56:35.0718 7628 LBTServ - ok
03:56:35.0750 7628 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
03:56:35.0765 7628 LHidFilt - ok
03:56:35.0812 7628 LIVESRV - ok
03:56:35.0859 7628 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
03:56:35.0937 7628 LmHosts - ok
03:56:35.0937 7628 lmimirr - ok
03:56:35.0937 7628 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
03:56:35.0953 7628 LMouFilt - ok
03:56:35.0953 7628 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
03:56:35.0968 7628 LUsbFilt - ok
03:56:36.0000 7628 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
03:56:36.0000 7628 MBAMProtector - ok
03:56:36.0078 7628 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:56:36.0093 7628 MBAMService - ok
03:56:36.0140 7628 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
03:56:36.0187 7628 mcdbus ( UnsignedFile.Multi.Generic ) - warning
03:56:36.0187 7628 mcdbus - detected UnsignedFile.Multi.Generic (1)
03:56:36.0203 7628 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
03:56:36.0281 7628 Messenger - ok
03:56:36.0390 7628 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
03:56:36.0406 7628 Microsoft Office Groove Audit Service - ok
03:56:36.0437 7628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
03:56:36.0531 7628 mnmdd - ok
03:56:36.0593 7628 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
03:56:36.0687 7628 mnmsrvc - ok
03:56:36.0718 7628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
03:56:36.0796 7628 Modem - ok
03:56:36.0812 7628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
03:56:36.0906 7628 Mouclass - ok
03:56:36.0937 7628 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
03:56:37.0000 7628 mouhid - ok
03:56:37.0015 7628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
03:56:37.0109 7628 MountMgr - ok
03:56:37.0125 7628 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
03:56:37.0218 7628 MPE - ok
03:56:37.0218 7628 mraid35x - ok
03:56:37.0234 7628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
03:56:37.0343 7628 MRxDAV - ok
03:56:37.0375 7628 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
03:56:37.0421 7628 MRxSmb - ok
03:56:37.0437 7628 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
03:56:37.0531 7628 MSDTC - ok
03:56:37.0531 7628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
03:56:37.0609 7628 Msfs - ok
03:56:37.0609 7628 MSIServer - ok
03:56:37.0625 7628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
03:56:37.0703 7628 MSKSSRV - ok
03:56:37.0718 7628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
03:56:37.0812 7628 MSPCLOCK - ok
03:56:37.0812 7628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
03:56:37.0890 7628 MSPQM - ok
03:56:37.0937 7628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
03:56:38.0000 7628 mssmbios - ok
03:56:38.0093 7628 MSSQL$SQLEXPRESS - ok
03:56:38.0109 7628 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
03:56:38.0140 7628 MSSQLServerADHelper - ok
03:56:38.0156 7628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
03:56:38.0234 7628 MSTEE - ok
03:56:38.0437 7628 msvsmon90 (e514d0493c272aecbac7c6c1dac635d1) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
03:56:38.0562 7628 msvsmon90 - ok
03:56:38.0671 7628 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
03:56:38.0703 7628 MTsensor - ok
03:56:38.0750 7628 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
03:56:38.0828 7628 Mup - ok
03:56:38.0843 7628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
03:56:38.0953 7628 NABTSFEC - ok
03:56:38.0984 7628 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
03:56:39.0078 7628 napagent - ok
03:56:39.0125 7628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
03:56:39.0218 7628 NDIS - ok
03:56:39.0234 7628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
03:56:39.0328 7628 NdisIP - ok
03:56:39.0375 7628 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
03:56:39.0453 7628 NdisTapi - ok
03:56:39.0453 7628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
03:56:39.0531 7628 Ndisuio - ok
03:56:39.0531 7628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
03:56:39.0609 7628 NdisWan - ok
03:56:39.0656 7628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
03:56:39.0687 7628 NDProxy - ok
03:56:39.0875 7628 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
03:56:39.0937 7628 Nero BackItUp Scheduler 4.0 - ok
03:56:39.0953 7628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
03:56:40.0046 7628 NetBIOS - ok
03:56:40.0078 7628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
03:56:40.0171 7628 NetBT - ok
03:56:40.0203 7628 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
03:56:40.0281 7628 NetDDE - ok
03:56:40.0281 7628 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
03:56:40.0359 7628 NetDDEdsdm - ok
03:56:40.0390 7628 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:56:40.0484 7628 Netlogon - ok
03:56:40.0500 7628 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
03:56:40.0593 7628 Netman - ok
03:56:40.0718 7628 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:56:40.0718 7628 NetTcpPortSharing - ok
03:56:40.0765 7628 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
03:56:40.0781 7628 Nla - ok
03:56:40.0796 7628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
03:56:40.0875 7628 Npfs - ok
03:56:40.0875 7628 npggsvc - ok
03:56:40.0906 7628 npkcmsvc (93b9a6b06c873a425ab18a834cd381d0) C:\WINDOWS\system32\npkcmsvc.exe
03:56:40.0921 7628 npkcmsvc - ok
03:56:40.0968 7628 npkcrypt (08cb29081d252a1f672eed9e18446f99) C:\WINDOWS\system32\npkcrypt.sys
03:56:40.0984 7628 npkcrypt - ok
03:56:41.0000 7628 npkcusb (c0d56b1f64c986ab7ca169a5e7a8ebd8) C:\WINDOWS\system32\npkcusb.sys
03:56:41.0015 7628 npkcusb - ok
03:56:41.0046 7628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
03:56:41.0156 7628 Ntfs - ok
03:56:41.0187 7628 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:56:41.0265 7628 NtLmSsp - ok
03:56:41.0328 7628 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
03:56:41.0468 7628 NtmsSvc - ok
03:56:41.0578 7628 nTuneService - ok
03:56:41.0625 7628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
03:56:41.0718 7628 Null - ok
03:56:42.0406 7628 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:56:43.0062 7628 nv - ok
03:56:43.0140 7628 NVR0Dev (61d6b1c71ad94f8485e966bebc36d092) C:\WINDOWS\nvoclock.sys
03:56:43.0156 7628 NVR0Dev ( UnsignedFile.Multi.Generic ) - warning
03:56:43.0156 7628 NVR0Dev - detected UnsignedFile.Multi.Generic (1)
03:56:43.0250 7628 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe
03:56:43.0265 7628 NVSvc - ok
03:56:43.0468 7628 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
03:56:43.0531 7628 nvUpdatusService - ok
03:56:43.0609 7628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:56:43.0703 7628 NwlnkFlt - ok
03:56:43.0718 7628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:56:43.0812 7628 NwlnkFwd - ok
03:56:43.0906 7628 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:56:43.0968 7628 odserv - ok
03:56:44.0000 7628 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:56:44.0031 7628 ose - ok
03:56:44.0078 7628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
03:56:44.0171 7628 Parport - ok
03:56:44.0187 7628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
03:56:44.0265 7628 PartMgr - ok
03:56:44.0296 7628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
03:56:44.0390 7628 ParVdm - ok
03:56:44.0390 7628 PavProc - ok
03:56:44.0390 7628 PavPrSrv - ok
03:56:44.0421 7628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
03:56:44.0515 7628 PCI - ok
03:56:44.0515 7628 PCIDump - ok
03:56:44.0531 7628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
03:56:44.0640 7628 PCIIde - ok
03:56:44.0656 7628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
03:56:44.0734 7628 Pcmcia - ok
03:56:44.0828 7628 PCToolsSSDMonitorSvc (953615a27d3e873e71320e2fe464049c) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
03:56:44.0875 7628 PCToolsSSDMonitorSvc - ok
03:56:44.0875 7628 PDCOMP - ok
03:56:44.0875 7628 PDFRAME - ok
03:56:44.0875 7628 PDRELI - ok
03:56:44.0875 7628 PDRFRAME - ok
03:56:44.0875 7628 perc2 - ok
03:56:44.0875 7628 perc2hib - ok
03:56:44.0921 7628 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
03:56:44.0937 7628 PlugPlay - ok
03:56:44.0968 7628 PnkBstrA (3a2e85f7d90d15460c337ce80c2e3b29) C:\WINDOWS\system32\PnkBstrA.exe
03:56:44.0984 7628 PnkBstrA - ok
03:56:45.0015 7628 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:56:45.0093 7628 PolicyAgent - ok
03:56:45.0093 7628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:56:45.0171 7628 PptpMiniport - ok
03:56:45.0234 7628 Profos - ok
03:56:45.0250 7628 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:56:45.0312 7628 ProtectedStorage - ok
03:56:45.0343 7628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
03:56:45.0437 7628 PSched - ok
03:56:45.0453 7628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:56:45.0546 7628 Ptilink - ok
03:56:45.0578 7628 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
03:56:45.0593 7628 PxHelp20 - ok
03:56:45.0609 7628 ql1080 - ok
03:56:45.0609 7628 Ql10wnt - ok
03:56:45.0609 7628 ql12160 - ok
03:56:45.0609 7628 ql1240 - ok
03:56:45.0609 7628 ql1280 - ok
03:56:45.0625 7628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:56:45.0703 7628 RasAcd - ok
03:56:45.0734 7628 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
03:56:45.0828 7628 RasAuto - ok
03:56:45.0843 7628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:56:45.0921 7628 Rasl2tp - ok
03:56:45.0953 7628 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
03:56:46.0046 7628 RasMan - ok
03:56:46.0046 7628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:56:46.0125 7628 RasPppoe - ok
03:56:46.0125 7628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
03:56:46.0203 7628 Raspti - ok
03:56:46.0218 7628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:56:46.0312 7628 Rdbss - ok
03:56:46.0312 7628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:56:46.0390 7628 RDPCDD - ok
03:56:46.0421 7628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:56:46.0500 7628 rdpdr - ok
03:56:46.0515 7628 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
03:56:46.0609 7628 RDPWD - ok
03:56:46.0625 7628 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
03:56:46.0703 7628 RDSessMgr - ok
03:56:46.0718 7628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
03:56:46.0796 7628 redbook - ok
03:56:46.0812 7628 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
03:56:46.0890 7628 RemoteAccess - ok
03:56:46.0921 7628 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
03:56:47.0000 7628 RemoteRegistry - ok
03:56:47.0031 7628 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
03:56:47.0046 7628 Revoflt - ok
03:56:47.0046 7628 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
03:56:47.0125 7628 RpcLocator - ok
03:56:47.0187 7628 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
03:56:47.0203 7628 RpcSs - ok
03:56:47.0234 7628 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
03:56:47.0265 7628 rspndr ( UnsignedFile.Multi.Generic ) - warning
03:56:47.0265 7628 rspndr - detected UnsignedFile.Multi.Generic (1)
03:56:47.0312 7628 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
03:56:47.0375 7628 RSVP - ok
03:56:47.0390 7628 RTLWUSB - ok
03:56:47.0437 7628 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
03:56:47.0453 7628 s116bus - ok
03:56:47.0484 7628 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
03:56:47.0500 7628 s116mdfl - ok
03:56:47.0531 7628 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
03:56:47.0546 7628 s116mdm - ok
03:56:47.0593 7628 s816bus (8c156e6b568aa927eb5deadeb870bdd2) C:\WINDOWS\system32\DRIVERS\s816bus.sys
03:56:47.0609 7628 s816bus - ok
03:56:47.0640 7628 s816mdfl (d4ed429953a2b8b09c702805813a26c8) C:\WINDOWS\system32\DRIVERS\s816mdfl.sys
03:56:47.0656 7628 s816mdfl - ok
03:56:47.0671 7628 s816mdm (94306f371a6ff8b690bea81157111b3b) C:\WINDOWS\system32\DRIVERS\s816mdm.sys
03:56:47.0687 7628 s816mdm - ok
03:56:47.0703 7628 s816mgmt (fafdd00abad1b6029bf7f4067764ab41) C:\WINDOWS\system32\DRIVERS\s816mgmt.sys
03:56:47.0718 7628 s816mgmt - ok
03:56:47.0750 7628 s816nd5 (fd0d1e39cb22558d79bff59b66a5874a) C:\WINDOWS\system32\DRIVERS\s816nd5.sys
03:56:47.0765 7628 s816nd5 - ok
03:56:47.0781 7628 s816obex (8eacd5e46764463e75f171d9bf305348) C:\WINDOWS\system32\DRIVERS\s816obex.sys
03:56:47.0796 7628 s816obex - ok
03:56:47.0812 7628 s816unic (e2090b041b935430abc8e184b7d6cd75) C:\WINDOWS\system32\DRIVERS\s816unic.sys
03:56:47.0828 7628 s816unic - ok
03:56:47.0875 7628 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
03:56:47.0937 7628 SamSs - ok
03:56:48.0031 7628 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
03:56:48.0046 7628 SASDIFSV - ok
03:56:48.0062 7628 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
03:56:48.0078 7628 SASKUTIL - ok
03:56:48.0203 7628 scan (33695c0f02be88a07a75bc793d616ed0) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
03:56:48.0234 7628 scan - ok
03:56:48.0296 7628 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
03:56:48.0375 7628 SCardSvr - ok
03:56:48.0406 7628 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
03:56:48.0500 7628 Schedule - ok
03:56:48.0546 7628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:56:48.0609 7628 Secdrv - ok
03:56:48.0625 7628 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
03:56:48.0703 7628 seclogon - ok
03:56:48.0734 7628 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
03:56:48.0812 7628 SENS - ok
03:56:48.0828 7628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
03:56:48.0906 7628 serenum - ok
03:56:48.0921 7628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
03:56:49.0000 7628 Serial - ok
03:56:49.0015 7628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
03:56:49.0109 7628 Sfloppy - ok
03:56:49.0156 7628 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
03:56:49.0265 7628 SharedAccess - ok
03:56:49.0312 7628 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
03:56:49.0312 7628 ShellHWDetection - ok
03:56:49.0312 7628 ShldDrv - ok
03:56:49.0328 7628 Simbad - ok
03:56:49.0359 7628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
03:56:49.0437 7628 SLIP - ok
03:56:49.0437 7628 Sparrow - ok
03:56:49.0468 7628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
03:56:49.0531 7628 splitter - ok
03:56:49.0578 7628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
03:56:49.0593 7628 Spooler - ok
03:56:49.0593 7628 sptd - ok
03:56:49.0781 7628 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
03:56:49.0796 7628 SQLBrowser - ok
03:56:49.0812 7628 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
03:56:49.0828 7628 SQLWriter - ok
03:56:49.0843 7628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
03:56:49.0921 7628 sr - ok
03:56:49.0937 7628 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
03:56:49.0984 7628 srservice - ok
03:56:50.0015 7628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
03:56:50.0062 7628 Srv - ok
03:56:50.0093 7628 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
03:56:50.0109 7628 sscdbus - ok
03:56:50.0140 7628 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
03:56:50.0140 7628 sscdmdfl - ok
03:56:50.0171 7628 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
03:56:50.0203 7628 sscdmdm - ok
03:56:50.0218 7628 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
03:56:50.0265 7628 SSDPSRV - ok
03:56:50.0296 7628 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
03:56:50.0390 7628 stisvc - ok
03:56:50.0468 7628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
03:56:50.0562 7628 streamip - ok
03:56:50.0578 7628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
03:56:50.0671 7628 swenum - ok
03:56:50.0812 7628 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:56:50.0843 7628 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
03:56:50.0843 7628 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
03:56:50.0890 7628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
03:56:50.0968 7628 swmidi - ok
03:56:50.0968 7628 SwPrv - ok
03:56:50.0968 7628 symc810 - ok
03:56:50.0968 7628 symc8xx - ok
03:56:50.0968 7628 sym_hi - ok
03:56:50.0968 7628 sym_u3 - ok
03:56:50.0984 7628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
03:56:51.0078 7628 sysaudio - ok
03:56:51.0078 7628 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
03:56:51.0156 7628 SysmonLog - ok
03:56:51.0187 7628 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
03:56:51.0265 7628 TapiSrv - ok
03:56:51.0312 7628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:56:51.0328 7628 Tcpip - ok
03:56:51.0343 7628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
03:56:51.0453 7628 TDPIPE - ok
03:56:51.0468 7628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
03:56:51.0562 7628 TDTCP - ok
03:56:51.0578 7628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
03:56:51.0656 7628 TermDD - ok
03:56:51.0687 7628 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
03:56:51.0765 7628 TermService - ok
03:56:51.0796 7628 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
03:56:51.0812 7628 Themes - ok
03:56:51.0859 7628 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
03:56:51.0921 7628 TlntSvr - ok
03:56:51.0921 7628 TosIde - ok
03:56:51.0937 7628 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
03:56:52.0031 7628 TrkWks - ok
03:56:52.0062 7628 TrueSight (b3c9c35dc93563b8d19ad414edf2fc82) c:\windows\system32\drivers\TrueSight.sys
03:56:52.0062 7628 TrueSight ( UnsignedFile.Multi.Generic ) - warning
03:56:52.0062 7628 TrueSight - detected UnsignedFile.Multi.Generic (1)
03:56:52.0187 7628 Trufos - ok
03:56:52.0203 7628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
03:56:52.0281 7628 Udfs - ok
03:56:52.0281 7628 ultra - ok
03:56:52.0328 7628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
03:56:52.0406 7628 Update - ok
03:56:52.0453 7628 Update Server (3cc00597a30b23757aa23cb677918bef) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
03:56:52.0484 7628 Update Server - ok
03:56:52.0546 7628 UPDATESRV (6a4b184261a29968b288a93d648dc5a1) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
03:56:52.0546 7628 UPDATESRV - ok
03:56:52.0609 7628 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
03:56:52.0671 7628 upnphost - ok
03:56:52.0687 7628 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
03:56:52.0765 7628 UPS - ok
03:56:52.0796 7628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:56:52.0890 7628 usbccgp - ok
03:56:52.0921 7628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:56:53.0000 7628 usbehci - ok
03:56:53.0031 7628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:56:53.0125 7628 usbhub - ok
03:56:53.0156 7628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
03:56:53.0250 7628 usbprint - ok
03:56:53.0281 7628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:56:53.0390 7628 usbscan - ok
03:56:53.0390 7628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:56:53.0484 7628 USBSTOR - ok
03:56:53.0500 7628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:56:53.0578 7628 usbuhci - ok
03:56:53.0593 7628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
03:56:53.0671 7628 VgaSave - ok
03:56:53.0671 7628 ViaIde - ok
03:56:53.0671 7628 VMnetAdapter - ok
03:56:53.0687 7628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
03:56:53.0781 7628 VolSnap - ok
03:56:53.0796 7628 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
03:56:53.0843 7628 VSS - ok
03:56:53.0859 7628 VSSERV - ok
03:56:53.0859 7628 vtany - ok
03:56:53.0875 7628 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
03:56:53.0953 7628 W32Time - ok
03:56:53.0968 7628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:56:54.0046 7628 Wanarp - ok
03:56:54.0093 7628 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
03:56:54.0125 7628 Wdf01000 - ok
03:56:54.0125 7628 WDICA - ok
03:56:54.0140 7628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
03:56:54.0421 7628 wdmaud - ok
03:56:54.0437 7628 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
03:56:54.0531 7628 WebClient - ok
03:56:54.0609 7628 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
03:56:54.0703 7628 winmgmt - ok
03:56:54.0734 7628 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
03:56:54.0765 7628 WmdmPmSN - ok
03:56:54.0812 7628 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
03:56:54.0828 7628 Wmi - ok
03:56:54.0859 7628 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:56:54.0953 7628 WmiApSrv - ok
03:56:55.0078 7628 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
03:56:55.0125 7628 WMPNetworkSvc - ok
03:56:55.0312 7628 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
03:56:55.0359 7628 WPFFontCache_v0400 - ok
03:56:55.0453 7628 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
03:56:55.0546 7628 WS2IFSL - ok
03:56:55.0593 7628 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
03:56:55.0671 7628 wscsvc - ok
03:56:55.0718 7628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:56:55.0812 7628 WSTCODEC - ok
03:56:55.0843 7628 wuauserv (b72508649dad03bcb5d708edb1e3e57e) C:\WINDOWS\system32\wuauserv.dll
03:56:55.0843 7628 wuauserv - ok
03:56:55.0890 7628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:56:55.0937 7628 WudfPf - ok
03:56:55.0953 7628 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:56:55.0968 7628 WudfRd - ok
03:56:56.0000 7628 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
03:56:56.0015 7628 WudfSvc - ok
03:56:56.0078 7628 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
03:56:56.0156 7628 WZCSVC - ok
03:56:56.0171 7628 XDva190 - ok
03:56:56.0171 7628 XDva275 - ok
03:56:56.0171 7628 XDva279 - ok
03:56:56.0171 7628 XDva288 - ok
03:56:56.0171 7628 XDva351 - ok
03:56:56.0171 7628 XDva380 - ok
03:56:56.0187 7628 XDva385 - ok
03:56:56.0187 7628 XDva387 - ok
03:56:56.0187 7628 XDva389 - ok
03:56:56.0187 7628 XDva391 - ok
03:56:56.0187 7628 XDva392 - ok
03:56:56.0187 7628 XDva393 - ok
03:56:56.0203 7628 XDva394 - ok
03:56:56.0203 7628 xhunter1 - ok
03:56:56.0234 7628 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
03:56:56.0328 7628 xmlprov - ok
03:56:56.0359 7628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
03:56:56.0687 7628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
03:56:56.0687 7628 \Device\Harddisk0\DR0 - detected TDSS File System (1)
03:56:56.0687 7628 Boot (0x1200) (fda853b3cbc4c69a37ac98933a59178c) \Device\Harddisk0\DR0\Partition0
03:56:56.0718 7628 \Device\Harddisk0\DR0\Partition0 - ok
03:56:56.0718 7628 ============================================================
03:56:56.0718 7628 Scan finished
03:56:56.0718 7628 ============================================================
03:56:56.0828 5596 Detected object count: 24
03:56:56.0828 5596 Actual detected object count: 24
03:57:51.0812 5596 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:51.0812 5596 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:51.0812 5596 CardBusService ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:51.0812 5596 CardBusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:51.0859 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - copied to quarantine
03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
03:57:51.0906 5596 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
03:57:51.0921 5596 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
03:57:53.0015 5596 Backup copy not found, trying to cure infected file..
03:57:53.0015 5596 Cure success, using it..
03:57:53.0046 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured on reboot
03:57:53.0046 5596 Disk ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
03:57:53.0046 5596 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC001 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC001 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC002 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC002 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC003 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC003 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC004 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC004 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC005 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC005 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC007 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC007 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC009 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC009 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0046 5596 GEMC011 ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0046 5596 GEMC011 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 kbdcap ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 kbdcap ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
03:57:53.0062 5596 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:57:53.0062 5596 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
03:57:53.0062 5596 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
03:58:50.0125 5728 Deinitialize success
-----------------------------------------------------------------------
Malwarebytes:
Možnosti pregleda omogočene: Spomin | Zagon | Register | Datotečni sistem | Hevristika/Dodatno | Hevristika/Shuriken | PUP | PUM
Možnosti pregleda onemogočene: P2P
Scanned files: 306867
Pretečen čas: 11 minut, 55 sekund
Odkritih spominskih procesov: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih spominskih modulov: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih ključev registra: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih vrednosti registra: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih vnosov v register: 0
(Ni bilo najdenih zlonamernih objektov)
Odkritih map: 0
(Ni bilo najdenih zlonamernih objektov)
Detected files: 1
C:\Documents and Settings\Silvo\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.ToolbarDownloader) -> sent to quarantine and successfully deleted.
(The end)
I translated the important parts to English.
------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Silvo at 4:48:49 on 2012-06-21
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2363 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [AdobeBridge]
mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSOffice] c:\windows\system32\msoffice\update.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SNkJGRS1IV1VIRi1EUE5EQS1WRlVXWC0yRU1CUg"&"inst=NzYtODg4NDYwOTgwLVhPMzYrMS1OMUQrMS1QTCs5LUNJUCsyLUREVCsyMzM1OS1UVUcrMy1MU0QrMi1EMzgxTCs2LUkxMCsxLUREMTArMS1TVDEwQVBQKzEtRlVJKzItUDEwVEIrMg"&"prod=94"&"ver=10.0.1415
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [bDFFBC5DC7] c:\documents and settings\localservice\application data\Windows.exe
dRun: [Google Update] c:\documents and settings\localservice\local settings\application data\google\update\gupdate.exe /app 16DA36A7C6637CD4F26B9C1699938645
dRun: [Java] c:\documents and settings\networkservice\application data\Java.exe
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [RunNarrator] Narrator.exe
mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe
StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?]
S2 AMService;AMService;c:\windows\temp\poky\setup.exe run --> c:\windows\temp\poky\setup.exe run [?]
S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096]
S2 jakfcswx;jakfcswx;"c:\docume~1\silvo\locals~1\temp\dat9a2.tmp.exe" --service --> c:\docume~1\silvo\locals~1\temp\DAT9A2.tmp.exe [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472]
.
=============== Created Last 30 ================
.
2012-06-21 10:57:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools
2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera
2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com
2012-06-17 21:44:55 -------- d-----w- C:\Rbackup
2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04:47 200593 ----a-w- c:\documents and settings\all users\application data\1339754446.bdinstall.bin
2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender
2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan
2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble
2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble
.
==================== Find3M ====================
.
2012-06-21 11:02:34 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
.
============= FINISH: 4:52:33.78 ===============
-
Hello.
I have a lot of problems with my computer which I believe are caused by malware. Any help would be appreciated.
- I hear audio in the background that randomly turns on and off
- I keep on getting svchost.exe errors and chrome.exe errors when I use Google Chrome.
- Audio often doesn't work at all and in order to fix it I need to reinstall my sound drivers (updating does not help)
- Whenever I turn my computer on I have to wait approximately 10 minutes for the Windows bar and desktop icons to show
(I can only see my desktop background and nothing but task manager works)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Silvo at 2:24:59 on 2012-06-21
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.3327.2160 [GMT -7:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\tera fake\TERA-Launcher.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {2bbf0fe2-09c9-4467-843a-992bb82b44cc} - c:\windows\system32\nvwrsard.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll
BHO: Windows Live - Pomoc pri vpisu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\prxtbSof1.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - No File
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll
TB: MyPlayCity Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [AdobeBridge]
mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [iso data fast cast] c:\documents and settings\all users\application data\save time iso data\trans save.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSOffice] c:\windows\system32\msoffice\update.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SNkJGRS1IV1VIRi1EUE5EQS1WRlVXWC0yRU1CUg"&"inst=NzYtODg4NDYwOTgwLVhPMzYrMS1OMUQrMS1QTCs5LUNJUCsyLUREVCsyMzM1OS1UVUcrMy1MU0QrMi1EMzgxTCs2LUkxMCsxLUREMTArMS1TVDEwQVBQKzEtRlVJKzItUDEwVEIrMg"&"prod=94"&"ver=10.0.1415
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [bDFFBC5DC7] c:\documents and settings\localservice\application data\Windows.exe
dRun: [Google Update] c:\documents and settings\localservice\local settings\application data\google\update\gupdate.exe /app 16DA36A7C6637CD4F26B9C1699938645
dRun: [Java] c:\documents and settings\networkservice\application data\Java.exe
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [RunNarrator] Narrator.exe
mExplorerRun: [AFEC-CEAB] c:\documents and settings\silvo\application data\Seven.exe
StartupFolder: c:\docume~1\silvo\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217854800937
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217854781968
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: Interfaces\{BC30E4D0-6780-42EB-9733-F8D55434BB60} : NameServer = 193.189.160.13,193.189.160.23
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: cryptnet32 - cryptnet32.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {4J2W12JN-24YC-1KEY-3W83-4A0007DEHM43} - c:\windows\system32\msoffice\update.exe Restart
mASetup: {8BD6E6C0-F9FC-AFEC-CEAB-D5AFF0CDDEBD} - c:\documents and settings\silvo\application data\Seven.exe
mASetup: {B4F75571-4C73-7783-DA52-40731B332416} - c:\windows\system32\martin.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\silvo\application data\mozilla\firefox\profiles\keudrcdb.default\extensions\ffxtlbr@facemoods.com\components\FFHst.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-3-20 611520]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-18 21992]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-11-24 20088]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-7-19 247096]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-8 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-10 1262400]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-6-18 793048]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-3-13 53224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-8-4 37376]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-2-17 447208]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-8-4 1180672]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2010-9-14 109440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-8 22344]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S2 17891;IpSectPro service new;c:\windows\system\178918.exe --> c:\windows\system\178918.exe [?]
S2 AMService;AMService;c:\windows\temp\poky\setup.exe run --> c:\windows\temp\poky\setup.exe run [?]
S2 CardBusService;CardBusService;c:\program files\common files\avermedia\service\CardBusService.exe [2008-8-4 188416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca19f0d79b2096;Storitev Google Update Service (gupdate1ca19f0d79b2096);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S2 jakfcswx;jakfcswx;"c:\docume~1\silvo\locals~1\temp\dat9a2.tmp.exe" --service --> c:\docume~1\silvo\locals~1\temp\DAT9A2.tmp.exe [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 257224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys --> c:\windows\system32\drivers\bdfm.sys [?]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys --> c:\windows\system32\drivers\bdfndisf.sys [?]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-6-17 23456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-2 36608]
S3 GEMC001;GEMC001;C:\GEMC001.sys [2012-3-18 72136]
S3 GEMC002;GEMC002;C:\GEMC002.sys [2012-3-19 72136]
S3 GEMC003;GEMC003;C:\GEMC003.sys [2012-3-18 72136]
S3 GEMC004;GEMC004;C:\GEMC004.sys [2012-3-19 72136]
S3 GEMC005;GEMC005;C:\GEMC005.sys [2012-3-18 72136]
S3 GEMC007;GEMC007;C:\GEMC007.sys [2012-3-18 72136]
S3 GEMC009;GEMC009;C:\GEMC009.sys [2012-3-18 72136]
S3 GEMC011;GEMC011;C:\GEMC011.sys [2012-3-29 72136]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-29 27064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-8-7 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-8-7 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-8-7 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-8-7 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-8-7 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-8-7 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-8-7 97704]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]
S3 XDva288;XDva288;\??\c:\windows\system32\xdva288.sys --> c:\windows\system32\XDva288.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-2 233472]
.
=============== Created Last 30 ================
.
2012-06-20 16:45:33 69632 ----a-w- c:\windows\Alcmtr.exe
2012-06-19 08:47:00 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-06-18 16:32:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-06-18 16:32:01 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-06-18 16:32:01 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-06-18 16:32:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-06-18 16:32:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-06-18 16:31:58 -------- d-----w- c:\program files\PC Tools Registry Mechanic
2012-06-18 16:31:58 -------- d-----w- c:\program files\common files\PC Tools
2012-06-18 09:16:01 -------- d-----w- c:\documents and settings\silvo\local settings\application data\Opera
2012-06-17 22:45:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-17 22:45:24 -------- d-----w- c:\documents and settings\silvo\local settings\application data\eSupport.com
2012-06-17 21:44:55 -------- d-----w- C:\Rbackup
2012-06-17 21:41:22 -------- d-----w- c:\program files\Perfect Uninstaller
2012-06-15 10:36:04 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-15 10:36:03 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-15 10:04:47 200593 ----a-w- c:\documents and settings\all users\application data\1339754446.bdinstall.bin
2012-06-15 10:04:12 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
2012-06-15 10:03:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-06-15 10:03:13 -------- d-----w- c:\documents and settings\silvo\application data\Bitdefender
2012-06-15 10:00:58 -------- d-----w- c:\documents and settings\silvo\application data\QuickScan
2012-06-15 09:20:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-15 09:20:02 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-23 19:45:13 -------- d-----w- c:\documents and settings\silvo\application data\Mumble
2012-05-23 19:33:50 -------- d-----w- c:\program files\Mumble
.
==================== Find3M ====================
.
2012-06-15 09:19:51 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 13:55:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:55:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-25 13:12:36 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-05-25 13:12:36 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-05-25 13:09:16 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 08:53:35 72136 ----a-w- C:\GEMC011.sys
2012-03-24 15:51:51 72136 ----a-w- C:\GEMC009.sys
2012-03-24 15:47:39 72136 ----a-w- C:\GEMC005.sys
2012-03-24 15:45:49 72136 ----a-w- C:\GEMC003.sys
2012-03-24 15:45:20 72136 ----a-w- C:\GEMC001.sys
2011-11-21 22:19:43 86405736 ----a-w- c:\program files\APB_Reloaded_Installer.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD502IJ rev.1AA01109 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE9AEE4]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89b83820; SUB DWORD [EBP-0x4], 0x89b8312e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF02AB8]
3 CLASSPNP[0xF74C7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8AF37560]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AF4E030]
[0x8AF04CE0] -> IRP_MJ_CREATE -> 0x8AE9AEE4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskSAMSUNG_HD502IJ_________________________1AA01109#31535433444a5157313331353237202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AE9ACE2
user & kernel MBR OK
sectors 976773166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 2:26:32.35 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04/08/2008 05:08:59
System Uptime: 20/06/2012 03:07:58 (23 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K SE/EPU
Processor: Procesor Intel Pentium III Xeon | LGA775 | 2666/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 99.067 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
L: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP9: 15/03/2012 15:27:01 - Installed Realtek High Definition Audio Driver
RP10: 18/03/2012 15:32:00 - Installed Realtek High Definition Audio Driver
RP18: 06/04/2012 10:48:06 - Installed TuneUp Utilities 2012
RP19: 06/04/2012 10:59:30 - Removed TuneUp Utilities 2012
RP20: 06/04/2012 10:59:58 - Removed TuneUp Utilities Language Pack (en-US)
RP21: 07/04/2012 17:39:03 - System Checkpoint
RP22: 08/04/2012 18:22:54 - System Checkpoint
RP23: 09/04/2012 18:33:12 - System Checkpoint
RP24: 10/04/2012 19:33:11 - System Checkpoint
RP25: 12/04/2012 01:53:54 - System Checkpoint
RP26: 13/04/2012 02:35:48 - System Checkpoint
RP27: 14/04/2012 03:17:56 - System Checkpoint
RP28: 15/04/2012 01:02:13 - Removed Java 6 Update 29
RP29: 16/04/2012 01:53:53 - System Checkpoint
RP30: 17/04/2012 02:58:38 - System Checkpoint
RP31: 18/04/2012 05:15:07 - System Checkpoint
RP32: 19/04/2012 06:35:20 - Installed Realtek High Definition Audio Driver
RP33: 20/04/2012 17:54:25 - System Checkpoint
RP34: 21/04/2012 18:45:01 - System Checkpoint
RP35: 22/04/2012 19:44:59 - System Checkpoint
RP36: 23/04/2012 20:45:01 - System Checkpoint
RP37: 24/04/2012 21:43:56 - System Checkpoint
RP38: 25/04/2012 22:41:46 - System Checkpoint
RP39: 26/04/2012 23:41:49 - System Checkpoint
RP40: 27/04/2012 23:42:01 - System Checkpoint
RP41: 28/04/2012 09:54:21 - Installed Realtek High Definition Audio Driver
RP42: 02/05/2012 05:23:13 - Installed Realtek High Definition Audio Driver
RP43: 02/05/2012 05:26:04 - Installed Realtek High Definition Audio Driver
RP44: 03/05/2012 04:04:05 - Installed Realtek High Definition Audio Driver
RP45: 03/05/2012 07:49:49 - Installed Realtek High Definition Audio Driver
RP46: 03/05/2012 12:34:30 - Installed Realtek High Definition Audio Driver
RP47: 03/05/2012 13:19:06 - Installed Realtek High Definition Audio Driver
RP48: 10/05/2012 02:24:12 - Installed Realtek High Definition Audio Driver
RP49: 10/05/2012 02:33:49 - Installed Realtek High Definition Audio Driver
RP50: 18/05/2012 18:25:03 - System Checkpoint
RP51: 19/05/2012 18:47:14 - System Checkpoint
RP52: 20/05/2012 18:50:59 - System Checkpoint
RP53: 21/05/2012 19:05:29 - System Checkpoint
RP54: 22/05/2012 19:09:24 - System Checkpoint
RP55: 23/05/2012 12:33:43 - Installed Mumble 1.2.3
RP56: 24/05/2012 19:35:01 - System Checkpoint
RP57: 25/05/2012 06:06:40 - Installed Realtek High Definition Audio Driver
RP58: 25/05/2012 07:21:33 - Installed Realtek High Definition Audio Driver
RP59: 29/05/2012 16:54:50 - System Checkpoint
RP60: 30/05/2012 18:35:02 - System Checkpoint
RP61: 31/05/2012 18:46:34 - System Checkpoint
RP62: 01/06/2012 19:47:59 - System Checkpoint
RP63: 02/06/2012 20:47:56 - System Checkpoint
RP64: 03/06/2012 21:47:56 - System Checkpoint
RP65: 04/06/2012 22:47:58 - System Checkpoint
RP66: 05/06/2012 23:47:55 - System Checkpoint
RP67: 07/06/2012 00:48:07 - System Checkpoint
RP68: 08/06/2012 01:52:48 - System Checkpoint
RP69: 09/06/2012 02:48:12 - System Checkpoint
RP70: 09/06/2012 09:54:54 - Installed Realtek High Definition Audio Driver
RP71: 14/06/2012 10:11:27 - Installed Realtek High Definition Audio Driver
RP72: 15/06/2012 02:19:17 - Removed Java 6 Update 31
RP73: 17/06/2012 00:21:33 - Installed Realtek High Definition Audio Driver
RP74: 20/06/2012 03:14:42 - Installed Realtek High Definition Audio Driver
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
AAC Decoder
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 8.3.1
Adobe Shockwave Player 11.6
Advertising Center
Aion
Aion (Europe)
Aion (North America)
APB Reloaded
Apple Software Update
Ask Toolbar
Atheros Communications Inc.® L1 Gigabit Ethernet Driver
AVerMedia M135-Series PCI TV Tuner 3.5.0.65
AVerMedia MCE Encoder 3.2.1.62
AVerTV
Bitdefender Antivirus Plus 2012
BitTorrent
BitTorrentBar Toolbar
Born To Be Big
BS.Player FREE powered by AdVantage
CCleaner
CDDRV_Installer
Cheat Engine 5.6
CPUID CPU-Z 1.60
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports Basic for Visual Studio 2008
DAEMON Tools Toolbar
DirectVobSub 2.40.4209
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
DriverAgent by eSupport.com
EA Download Manager
Epson Easy Photo Print 2
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Priročnik
EPSON SX410 Series Printer Uninstall
EPSON Web-To-Page
FindXplorer 1.0 build 111
GamersFirst LIVE!
GameSpy Arcade
GameSpy Comrade
globaldk
Google Chrome
Google Update Helper
Google Updater
Google Zemlja
Granado Espada
H.264 Decoder
Halo 2 for Windows Vista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
hp print screen utility
HWiNFO32 Version 3.62
ICQ Toolbar
ICQ7.2
ImagXpress
Java Auto Updater
Java 6 Update 33
Junk Mail filter update
KhalInstallWrapper
LiveSearch Notification Tool
Logitech Registration
Logitech SetPoint
Macro Wizard 4.1
Magic ISO Maker v5.5 (build 0272)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.105
MegaTrainer eXperience V1.0.9.0
Menu Templates - Starter Kit
Messenger Plus! Live
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minecraft Beta Cracked
MKV Splitter
Movie Templates - Starter Kit
Mozilla Firefox 10.0.2 (x86 sl)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Mumble 1.2.3
NCsoft Launcher
Neffy 1,2,0,22
Nero - Burning Rom
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Nexus Mod Manager
nProtect KeyCrypt
NVIDIA Graphic driver 301.42
NVIDIA Install Application
NVIDIA control panel 301.42
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA update 1.8.15
NVIDIA Programa nView 136.27
NVIDIA System software PhysX 9.12.0213
NVIDIA Update Components
Opera 12.00
Transfer service for Windows Live
Paint.NET v3.5.1
Pando Media Booster
PC Tools Registry Mechanic 11.0
PDF Settings CS5
PhotoScape
Pocket Theme Organizer
Pošta Windows Live
PunkBuster Services
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.3
Rockstar Games Social Club
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
Sanctum © Coffee Stain Studios version 1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Ski Challenge 2009 (zurnal24.si)
Skype™ 4.0
Softonic_English Toolbar
Software Update for Web Folders
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
SoundTrax
Steam
SUPERAntiSpyware
swMSM
Sword 2
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamSpeak 2 RC2
TeamSpeak 3 Client
TeamViewer 6
TeamViewer 7
TERA
Tweak UI
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Mass Storage Toolbox
VC80CRTRedist - 8.0.50727.6195
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 2.0.1
VMware Player
Wallery
WebFldrs XP
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live - Pomocnik za vpis
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Presentation Foundation
Windows XP Service Pack 3
WinFast® Display Driver
WinFox Setup
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
18/06/2012 10:43:46, informacija: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Silvo.
18/06/2012 10:43:45, informacija: Windows File Protection [64021] - The System file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
18/06/2012 10:43:41, informacija: Windows File Protection [64016] - Windows File Protection file scan was started.
18/06/2012 10:43:22, informacija: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Silvo.
18/06/2012 10:43:21, informacija: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user.]. This file is necessary to maintain system stability.
.
==== End Of File ===========================
-
Hello.
I have a lot of problems with my computer which I believe are caused by malware. Any help would be appreciated.
- I hear audio in the background that randomly turns on and off
- I keep on getting svchost.exe errors and chrome.exe errors when I use Google Chrome.
- Audio often doesn't work at all and in order to fix it I need to reinstall my sound drivers (updating does not help)
- Whenever I turn my computer on I have to wait approximately 10 mins for the Windows bar and desktop icons to show
(I can only see my desktop background and nothing but task manager works)
I have Windows XP 32-bit. Computer is around 4 years old. I regularly use Malwarebytes, SuperAntiSpyware and Bitdefender Antivirus Plus 2012.
Malware problems.
in Resolved Malware Removal Logs
Ok. I just want to thank you again. You are freaking amazing!