Solved Google redirect every antivirus stopped in process

gregas

Posts: 26   +0
All antivirus programs stopped in process.
On restart they get disabled.

I also have a weird folder structure:
under the C: folder there is another Computer icon named ("32788r22fwjfw"); if I expand that, I see a list of all my drives.

steps 1-6

Malwarebytes
- stops in process and shuts down; no logs made

GMER
- same as Malwarebytes

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Run by Grega at 22:53:48 on 2011-09-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.2046.1402 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\2682421377:2122259808.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.si/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [AdobeBridge]
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smcezc~1.lnk - c:\program files\smc\smc ez connect n wireless utility\UMCCfg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: nlb.si\ac
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} - hxxps://edavki.durs.si/PersonalPortal/[89659]/Controls/ESignDocControls/hslESignDoc2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C7D442CD-7F57-49F3-BAD6-A8362FA16535} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: {B8734410-B119-6850-E407-98713DD90942} - c:\program files\system32\svchost.exe s
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sl&q=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\users\grega\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-26 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-26 66616]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-14 2218600]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-25 41272]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480]
S2 FCI;FCI;c:\windows\system32\fci.exe.exe:ext.exe --> c:\windows\system32\fci.exe.exe:ext.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-9-25 23624]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
.
=============== Created Last 30 ================
.
2011-09-26 20:36:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 20:36:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 20:13:38 -------- d-----w- c:\users\grega\appdata\roaming\Avira
2011-09-26 20:10:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-26 20:10:33 -------- d-----w- c:\programdata\Avira
2011-09-26 20:10:33 -------- d-----w- c:\program files\Avira
2011-09-26 17:17:00 -------- d-----w- c:\programdata\AVAST Software
2011-09-25 19:14:39 -------- d-----w- C:\TDSSKiller_Quarantine
2011-09-25 19:12:24 48016 --sha-w- c:\windows\system32\c_91971.nl_
2011-09-25 16:44:33 -------- d-----w- c:\program files\common files\PC Tools
2011-09-25 16:43:21 -------- d-----w- c:\programdata\PC Tools
2011-09-25 16:31:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-25 16:31:10 -------- d-----w- c:\users\grega\appdata\roaming\Malwarebytes
2011-09-25 16:31:06 -------- d-----w- c:\programdata\Malwarebytes
2011-09-25 16:31:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-25 15:11:50 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-25 15:11:18 -------- d-----w- c:\programdata\Hitman Pro
2011-09-25 14:05:56 -------- d-----w- c:\windows\system32\SPReview
2011-09-25 14:04:45 -------- d-----w- c:\windows\system32\EventProviders
2011-09-11 09:27:11 -------- d--h--w- c:\users\grega\appdata\local\GlobalSCAPE
2011-09-11 09:27:11 -------- d-----w- c:\programdata\GlobalSCAPE
2011-09-11 09:27:00 -------- d-----w- c:\program files\GlobalSCAPE
2011-09-11 09:26:43 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-09-11 09:26:43 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-09-11 09:26:43 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-09-11 09:26:43 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-09-11 09:26:42 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-09-04 08:45:49 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2011-09-04 08:45:49 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-09-03 10:43:20 -------- d--h--w- c:\users\grega\appdata\roaming\Moyea
2011-09-03 08:53:44 -------- d--h--w- c:\users\grega\appdata\roaming\GetRightToGo
.
==================== Find3M ====================
.
2011-08-04 07:20:38 103112 ------w- c:\windows\system32\drivers\epfwwfpr.sys
2011-08-04 07:20:36 118104 ------w- c:\windows\system32\drivers\ehdrv.sys
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 22:54:12,46 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 23.10.2009 20:02:04
System Uptime: 26.9.2011 22:35:29 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP43-DS3L
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3420/360mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 54,541 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 119,37 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
==== System Restore Points ===================
.
RP218: 25.9.2011 16:04:00 - Windows Update
RP221: 25.9.2011 19:42:25 - Removed Market Samurai
RP222: 26.9.2011 19:16:47 - avast! Free Antivirus Setup
RP223: 26.9.2011 21:08:29 - avast! Free Antivirus Setup
RP224: 26.9.2011 21:12:21 - avast! Free Antivirus Setup
RP225: 26.9.2011 21:21:02 - avast! Free Antivirus Setup
RP226: 26.9.2011 22:18:24 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
32 Bit HP CIO Components Installer
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe Community Help
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 5 Master Collection
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.4.4
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advertising Center
Aptana Studio 2.0
Aptana Studio 3
µTorrent
Avira AntiVir Personal - Free Antivirus
BS.Player FREE
BufferChm
C5300
C5300_NCL_Help
CuteFTP 8 Home
Destinations
DeviceDiscovery
DolbyFiles
GnuWin32: Wget-1.11.4-1
Google Chrome
Google Gears
Google Update Helper
GPBaseService2
GT Legends
GTR Evolution
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IETester v0.4.4 (remove only)
ImagXpress
Infix 4.24
Java(TM) 6 Update 16
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Menu Templates - Starter Kit
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movie Templates - Starter Kit
Mozilla Firefox 6.0.2 (x86 sl)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
OpenAL
PDF Settings CS5
Photoshop Camera Raw
PowerStrip 3 (remove only)
PS_AIO_04_C5300_Software_Min
PxMergeModule
RaceRoom The Game
Rapture3D 2.4.4 Game
Realtek High Definition Audio Driver
Scan
Shop for HP Supplies
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SMC EZ Connect N Wireless Utility
SolutionCenter
SoundTrax
Status
Suite Shared Configuration CS4
SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
System Requirements Lab
Toolbox
TrayApp
TweetDeck
Ubisoft Game Launcher
UnloadSupport
VLC media player 1.0.3
WampServer 2.0
WebReg
Windows Media Player Firefox Plugin
WinRAR
Zend Optimizer
.
==== Event Viewer Messages From Past Week ========
.
26.9.2011 22:52:41, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
26.9.2011 22:39:51, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: Access is denied.
26.9.2011 22:38:13, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
26.9.2011 22:36:11, Error: Service Control Manager [7000] - The FCI service failed to start due to the following error: The system cannot find the file specified.
26.9.2011 22:36:11, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
26.9.2011 22:31:50, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
26.9.2011 22:31:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
26.9.2011 22:31:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26.9.2011 22:31:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
26.9.2011 22:31:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
26.9.2011 22:31:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26.9.2011 22:31:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
26.9.2011 22:31:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd ssmdrv tdx Wanarpv6 WfpLwf
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26.9.2011 22:31:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26.9.2011 22:30:49, Error: sptd [4] - Driver detected an internal error in its data structures for .
26.9.2011 22:25:04, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
26.9.2011 21:55:36, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
26.9.2011 21:55:25, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
26.9.2011 21:53:18, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
26.9.2011 21:53:18, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
26.9.2011 21:29:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
26.9.2011 21:28:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
26.9.2011 19:08:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
26.9.2011 19:08:14, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
25.9.2011 22:25:25, Error: Service Control Manager [7000] - The wampmysqld service failed to start due to the following error: The system cannot find the file specified.
25.9.2011 21:10:27, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
25.9.2011 20:17:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy PCTSD Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
25.9.2011 19:12:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
25.9.2011 19:10:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache PCTSD spldr sptd Wanarpv6
25.9.2011 18:57:27, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
25.9.2011 18:57:00, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
25.9.2011 18:49:16, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 18:47:24, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:13, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:13, Error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:12, Error: Service Control Manager [7034] - The memcached Server service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:11, Error: Service Control Manager [7034] - The wampmysqld service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:09, Error: Service Control Manager [7034] - The wampapache service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:06, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:06, Error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
25.9.2011 16:53:48, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
25.9.2011 16:49:04, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
25.9.2011 16:02:18, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
25.9.2011 15:24:06, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: Access is denied.
25.9.2011 15:24:01, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: Cannot create a file when that file already exists.
25.9.2011 15:10:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
25.9.2011 14:55:46, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
25.9.2011 14:51:05, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25.9.2011 13:59:11, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
25.9.2011 13:59:09, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
25.9.2011 13:31:32, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
25.9.2011 12:58:40, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
19.9.2011 11:34:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
.
==== End Of File ===========================

Please Help, Thanks
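The "Event Log errors" section of a DDS log is the fastest place to see the pattern in this thread: security services (MBAMService, ESET Service, PC Tools) failing with "Access is denied" or terminating unexpectedly while unrelated services fail too. The following Python is an added example, not part of the thread or of DDS; it parses Service Control Manager events 7000/7031/7034 in the exact line format shown above and groups failures by service, keeping only services whose names match a short list of security-product hints (that list is an assumption for illustration). The sample lines are copied from the log above.

```python
"""Triage of Service Control Manager lines from a DDS "Event Log errors" section.

Added example: parses lines of the form
  "<date> <time>, Error: <source> [<event id>] - <message>"
and reports security-product services that failed to start or died.
"""
import re
from collections import defaultdict

# Sample input copied from the DDS log in the thread (same format, six lines).
SAMPLE_LOG = """\
25.9.2011 18:57:00, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
25.9.2011 18:49:16, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:13, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 15:24:06, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: Access is denied.
25.9.2011 14:55:46, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
25.9.2011 12:58:40, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
"""

# One DDS event line: date, time, source, numeric event id, free-text message.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+), Error: (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# SCM message texts: 7000 = failed to start (with a reason), 7031/7034 = terminated unexpectedly.
SERVICE_RE = re.compile(
    r"^The (?P<service>.+?) service "
    r"(?:failed to start due to the following error: (?P<reason>[^.]+)\.|terminated unexpectedly)"
)

# Assumption for the example: substrings that identify security products seen in this thread.
SECURITY_SERVICE_HINTS = ("mbam", "eset", "eamon", "pc tools security", "avira", "antivir", "defender")


def parse_line(line):
    """Return a dict for one event line, or None if the line is not an event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    rec["service"] = None
    rec["reason"] = None
    if rec["source"] == "Service Control Manager" and rec["event_id"] in (7000, 7031, 7034):
        sm = SERVICE_RE.match(rec["msg"])
        if sm:
            rec["service"] = sm.group("service")
            rec["reason"] = sm.group("reason") or "terminated unexpectedly"
    return rec


def is_security_service(name):
    n = name.lower()
    return any(hint in n for hint in SECURITY_SERVICE_HINTS)


def triage(text):
    """Return {service name: [failure reasons, in log order]} for security services only."""
    hits = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["service"] and is_security_service(rec["service"]):
            hits[rec["service"]].append(rec["reason"])
    return dict(hits)


if __name__ == "__main__":
    for service, reasons in triage(SAMPLE_LOG).items():
        print(f"{service}: {', '.join(reasons)}")
```

Two security services failing with "Access is denied" inside a few hours, while the log contains no matching administrator action, is the kind of grouping a responder wants to see before reading the rest of the log line by line.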
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Please download DummyCreator.zip and unzip it.

  • Run the tool.
  • Copy and paste the following into the edit box:

  • C:\Windows\2682421377
  • Press Create button and post the content of the Result.txt.
Important: Restart the computer.

Then....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded it from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
DummyCreator by Farbar
Ran by Grega (administrator) on 27-09-2011 at 15:56:43
**************************************************************

C:\Windows\2682421377 [27-09-2011 15:56:43]

== End of log ==



restarting....
 
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8F436000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10686464 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 270.61 )
0x82E46000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E46000 PnpManager 4259840 bytes
0x82E46000 RAW 4259840 bytes
0x82E46000 WMIxWDM 4259840 bytes
0x95E11000 C:\Windows\system32\drivers\RTKVHDA.sys 3182592 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x97300000 Win32k 2408448 bytes
0x97300000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89225000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x89008000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8E88C000 C:\Windows\system32\DRIVERS\ar5416.sys 1040384 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0x88C36000 PCI_PNP0683 995328 bytes
0x88C36000 C:\Windows\System32\Drivers\spit.sys 995328 bytes
0x88C36000 sptd 995328 bytes
0x90E39000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
0x8FE69000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F38000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x88ADC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9EA3E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9A839000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88A09000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88B87000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9EB00000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x8E176000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89175000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E012000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9A96E000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9EB77000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x975B0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8FF64000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88E3E000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88D58000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90F2F000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x94ECF000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88A9A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E115000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x893A8000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88E00000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9A90C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8E9AF000 C:\Windows\System32\Drivers\a2en5vy2.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8FF20000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E0F000 ACPI_HAL 225280 bytes
0x82E0F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88EE9000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x94E7F000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89480000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E06C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8936E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9611A000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8943B000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x89137000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88DB3000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E832000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x88D32000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x894C3000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89200000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8F400000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x94F31000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x88EBD000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A8E9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x89418000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9EADF000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8E859000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x89553000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9EBC6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8951A000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8FFBE000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E0A5000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97590000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x94F75000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9A947000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E0D2000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x90F05000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9A8BE000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x96149000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8E1DA000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8E98A000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8FFDD000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8E812000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x94E20000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x94F90000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x94E38000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x94E4F000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x895BE000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9619E000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x94F55000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x88E9E000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x961C2000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x89162000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90F85000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E0EC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8E800000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8E87A000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9A8D7000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x894B2000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9618D000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88F1D000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x94F13000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88DDD000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x88A81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x90F1F000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89468000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x90F75000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E0FF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88C0B000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FFAF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E1F2000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E0C4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x895A4000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88E90000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891D2000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x94EB3000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x961F2000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x88C28000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x94EC1000 C:\Windows\system32\DRIVERS\wsimd.sys 57344 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0x8E9E8000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9616C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x94F24000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x8E9A2000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x94E70000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9EB6A000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x89574000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E16A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x89547000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
!!!!!!!!!!!Hidden driver: 0x8940D000 2155373864 45056 bytes
0x88C00000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x96179000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x961B7000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x961E7000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x961DC000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x89599000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FFF5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x895D5000 C:\Windows\system32\drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95E00000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x8FF59000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88DA8000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x96162000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E160000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E156000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88F2E000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x94E66000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9EAD5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8F425000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x88EE0000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x88EB4000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9EBEB000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x94F6C000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x96184000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x891E0000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x97560000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8939F000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x88D29000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88A92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88DEE000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x89478000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88DA0000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x89581000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x89589000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x89591000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x893E7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x89540000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x961D5000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x89539000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9A962000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x88E89000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8E09E000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8E10F000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x9A969000 C:\Windows\system32\drivers\pstrip.sys 20480 bytes (EnTech Taiwan, PowerStrip support NT kernel-mode driver)
0x9EBE7000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8FE67000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 270.61 )
0x94E7D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x961B5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8610C140 00000569 3776 bytes
0x8610C140 unknown_irp_handler 3776 bytes
0x84E781F8 unknown_irp_handler 3592 bytes
0x84E761F8 unknown_irp_handler 3592 bytes
0x8603E1F8 unknown_irp_handler 3592 bytes
0x84E771F8 unknown_irp_handler 3592 bytes
0x860F61F8 unknown_irp_handler 3592 bytes
0x84E741F8 unknown_irp_handler 3592 bytes
0x863E41F8 unknown_irp_handler 3592 bytes
0x86183480 unknown_irp_handler 2944 bytes
0x86079500 unknown_irp_handler 2816 bytes
0x86171500 unknown_irp_handler 2816 bytes
0x8780B500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x8610FBC1 Unknown page with executable code, 1087 bytes
0x8610FAF0 Unknown page with executable code, 1296 bytes
0x8610B9E2 Unknown page with executable code, 1566 bytes
0x8610D65A Unknown page with executable code, 2470 bytes
0x8610BEF0 Unknown page with executable code, 272 bytes
0x8611021B Unknown page with executable code, 3557 bytes
0x8610D074 Unknown page with executable code, 3980 bytes
0x894119B5 Unknown thread object [ ETHREAD 0x85D86D48 ] TID: 260, 600 bytes
0x894119B5 Unknown thread object [ ETHREAD 0x860B6990 ] TID: 264, 600 bytes
0x86111E95 Unknown thread object [ ETHREAD 0x860DCD48 ] TID: 268, 600 bytes
0x86111E95 Unknown thread object [ ETHREAD 0x860F2020 ] TID: 272, 600 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x8610FC76 Unknown page with executable code, 906 bytes
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
19:08:46.0594 3660 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
19:08:46.0692 3660 ============================================================
19:08:46.0692 3660 Current date / time: 2011/09/27 19:08:46.0692
19:08:46.0692 3660 SystemInfo:
19:08:46.0692 3660
19:08:46.0693 3660 OS Version: 6.1.7600 ServicePack: 0.0
19:08:46.0693 3660 Product type: Workstation
19:08:46.0693 3660 ComputerName: GREGA-PC
19:08:46.0693 3660 UserName: Grega
19:08:46.0693 3660 Windows directory: C:\Windows
19:08:46.0693 3660 System windows directory: C:\Windows
19:08:46.0693 3660 Processor architecture: Intel x86
19:08:46.0693 3660 Number of processors: 2
19:08:46.0693 3660 Page size: 0x1000
19:08:46.0693 3660 Boot type: Normal boot
19:08:46.0693 3660 ============================================================
19:08:48.0572 3660 Initialize success
19:08:59.0123 1808 ============================================================
19:08:59.0123 1808 Scan started
19:08:59.0123 1808 Mode: Manual;
19:08:59.0123 1808 ============================================================
19:09:01.0904 1808 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:09:01.0929 1808 1394ohci - ok
19:09:01.0996 1808 8180e29f - ok
19:09:02.0025 1808 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:09:02.0028 1808 ACPI - ok
19:09:02.0053 1808 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:09:02.0054 1808 AcpiPmi - ok
19:09:02.0073 1808 adfs - ok
19:09:02.0119 1808 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:09:02.0124 1808 adp94xx - ok
19:09:02.0136 1808 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:09:02.0139 1808 adpahci - ok
19:09:02.0166 1808 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:09:02.0168 1808 adpu320 - ok
19:09:02.0247 1808 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
19:09:02.0251 1808 AFD - ok
19:09:02.0276 1808 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:09:02.0277 1808 agp440 - ok
19:09:02.0309 1808 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:09:02.0311 1808 aic78xx - ok
19:09:02.0336 1808 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:09:02.0336 1808 aliide - ok
19:09:02.0357 1808 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:09:02.0358 1808 amdagp - ok
19:09:02.0376 1808 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:09:02.0377 1808 amdide - ok
19:09:02.0391 1808 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:09:02.0393 1808 AmdK8 - ok
19:09:02.0404 1808 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:09:02.0405 1808 AmdPPM - ok
19:09:02.0424 1808 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
19:09:02.0426 1808 amdsata - ok
19:09:02.0445 1808 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:09:02.0447 1808 amdsbs - ok
19:09:02.0459 1808 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
19:09:02.0459 1808 amdxata - ok
19:09:02.0521 1808 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:09:02.0522 1808 AppID - ok
19:09:02.0570 1808 AR5416 (e874f36246ea0b9e6ca978fd0beb1b2f) C:\Windows\system32\DRIVERS\ar5416.sys
19:09:02.0592 1808 AR5416 - ok
19:09:02.0612 1808 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:09:02.0613 1808 arc - ok
19:09:02.0626 1808 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:09:02.0627 1808 arcsas - ok
19:09:02.0660 1808 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:09:02.0661 1808 AsyncMac - ok
19:09:02.0682 1808 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:09:02.0682 1808 atapi - ok
19:09:02.0738 1808 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:09:02.0756 1808 avgntflt - ok
19:09:02.0787 1808 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:09:02.0789 1808 avipbb - ok
19:09:02.0816 1808 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:09:02.0821 1808 b06bdrv - ok
19:09:02.0876 1808 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:09:02.0879 1808 b57nd60x - ok
19:09:02.0907 1808 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:09:02.0907 1808 Beep - ok
19:09:02.0933 1808 BlackBox - ok
19:09:02.0956 1808 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:09:02.0957 1808 blbdrive - ok
19:09:03.0021 1808 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
19:09:03.0022 1808 bowser - ok
19:09:03.0036 1808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:09:03.0037 1808 BrFiltLo - ok
19:09:03.0059 1808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:09:03.0060 1808 BrFiltUp - ok
19:09:03.0105 1808 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:09:03.0109 1808 Brserid - ok
19:09:03.0138 1808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:09:03.0139 1808 BrSerWdm - ok
19:09:03.0153 1808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:09:03.0154 1808 BrUsbMdm - ok
19:09:03.0170 1808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:09:03.0171 1808 BrUsbSer - ok
19:09:03.0192 1808 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:09:03.0194 1808 BTHMODEM - ok
19:09:03.0230 1808 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:09:03.0232 1808 cdfs - ok
19:09:03.0264 1808 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:09:03.0266 1808 cdrom - ok
19:09:03.0318 1808 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:09:03.0319 1808 circlass - ok
19:09:03.0347 1808 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:09:03.0350 1808 CLFS - ok
19:09:03.0374 1808 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:09:03.0375 1808 CmBatt - ok
19:09:03.0389 1808 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:09:03.0390 1808 cmdide - ok
19:09:03.0415 1808 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:09:03.0419 1808 CNG - ok
19:09:03.0464 1808 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:09:03.0464 1808 Compbatt - ok
19:09:03.0485 1808 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:09:03.0486 1808 CompositeBus - ok
19:09:03.0508 1808 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:09:03.0509 1808 crcdisk - ok
19:09:03.0533 1808 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
19:09:03.0538 1808 CSC - ok
19:09:03.0603 1808 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
19:09:03.0604 1808 DfsC - ok
19:09:03.0613 1808 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:09:03.0614 1808 discache - ok
19:09:03.0648 1808 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:09:03.0648 1808 Disk - ok
19:09:03.0730 1808 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
19:09:03.0732 1808 Dot4 - ok
19:09:03.0799 1808 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:09:03.0832 1808 Dot4Print - ok
19:09:03.0873 1808 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
19:09:03.0874 1808 dot4usb - ok
19:09:03.0911 1808 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:09:03.0912 1808 drmkaud - ok
19:09:03.0947 1808 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
19:09:03.0963 1808 DXGKrnl - ok
19:09:03.0982 1808 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:09:03.0984 1808 E1G60 - ok
19:09:04.0017 1808 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
19:09:04.0018 1808 eamon - ok
19:09:04.0161 1808 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:09:04.0245 1808 ebdrv - ok
19:09:04.0302 1808 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:09:04.0307 1808 elxstor - ok
19:09:04.0332 1808 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:09:04.0333 1808 ErrDev - ok
19:09:04.0387 1808 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:09:04.0389 1808 exfat - ok
19:09:04.0417 1808 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:09:04.0419 1808 fastfat - ok
19:09:04.0463 1808 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:09:04.0464 1808 fdc - ok
19:09:04.0483 1808 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:09:04.0484 1808 FileInfo - ok
19:09:04.0502 1808 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:09:04.0503 1808 Filetrace - ok
19:09:04.0520 1808 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:09:04.0521 1808 flpydisk - ok
19:09:04.0538 1808 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:09:04.0541 1808 FltMgr - ok
19:09:04.0557 1808 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:09:04.0558 1808 FsDepends - ok
19:09:04.0578 1808 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:09:04.0579 1808 Fs_Rec - ok
19:09:04.0633 1808 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
19:09:04.0636 1808 fvevol - ok
19:09:04.0669 1808 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:09:04.0671 1808 gagp30kx - ok
19:09:04.0745 1808 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:09:04.0747 1808 hcw85cir - ok
19:09:04.0779 1808 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
19:09:04.0783 1808 HdAudAddService - ok
19:09:04.0815 1808 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:09:04.0816 1808 HDAudBus - ok
19:09:04.0837 1808 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:09:04.0838 1808 HidBatt - ok
19:09:04.0859 1808 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:09:04.0860 1808 HidBth - ok
19:09:04.0887 1808 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:09:04.0888 1808 HidIr - ok
19:09:04.0921 1808 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:09:04.0922 1808 HidUsb - ok
19:09:04.0978 1808 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\Windows\system32\drivers\hitmanpro35.sys
19:09:04.0979 1808 hitmanpro35 - ok
19:09:05.0045 1808 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:09:05.0046 1808 HpSAMD - ok
19:09:05.0083 1808 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:09:05.0089 1808 HTTP - ok
19:09:05.0101 1808 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:09:05.0101 1808 hwpolicy - ok
19:09:05.0117 1808 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:09:05.0119 1808 i8042prt - ok
19:09:05.0152 1808 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
19:09:05.0156 1808 iaStorV - ok
19:09:05.0195 1808 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:09:05.0197 1808 iirsp - ok
19:09:05.0501 1808 IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys
19:09:05.0593 1808 IntcAzAudAddService - ok
19:09:05.0626 1808 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:09:05.0627 1808 intelide - ok
19:09:05.0662 1808 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:09:05.0664 1808 intelppm - ok
19:09:05.0691 1808 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:09:05.0692 1808 IpFilterDriver - ok
19:09:05.0726 1808 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:09:05.0728 1808 IPMIDRV - ok
19:09:05.0750 1808 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:09:05.0752 1808 IPNAT - ok
19:09:05.0783 1808 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:09:05.0784 1808 IRENUM - ok
19:09:05.0805 1808 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:09:05.0806 1808 isapnp - ok
19:09:05.0834 1808 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:09:05.0836 1808 iScsiPrt - ok
19:09:05.0854 1808 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:09:05.0855 1808 kbdclass - ok
19:09:05.0874 1808 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:09:05.0875 1808 kbdhid - ok
19:09:05.0912 1808 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:09:05.0913 1808 KSecDD - ok
19:09:05.0979 1808 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
19:09:05.0980 1808 KSecPkg - ok
19:09:06.0018 1808 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:09:06.0020 1808 lltdio - ok
19:09:06.0046 1808 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:09:06.0048 1808 LSI_FC - ok
19:09:06.0074 1808 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:09:06.0075 1808 LSI_SAS - ok
19:09:06.0091 1808 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:09:06.0092 1808 LSI_SAS2 - ok
19:09:06.0130 1808 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:09:06.0132 1808 LSI_SCSI - ok
19:09:06.0148 1808 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:09:06.0149 1808 luafv - ok
19:09:06.0204 1808 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:09:06.0205 1808 MBAMProtector - ok
19:09:06.0229 1808 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:09:06.0230 1808 megasas - ok
19:09:06.0278 1808 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:09:06.0281 1808 MegaSR - ok
19:09:06.0324 1808 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:09:06.0325 1808 Modem - ok
19:09:06.0354 1808 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:09:06.0355 1808 monitor - ok
19:09:06.0366 1808 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:09:06.0368 1808 mouclass - ok
19:09:06.0391 1808 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:09:06.0393 1808 mouhid - ok
19:09:06.0411 1808 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:09:06.0412 1808 mountmgr - ok
19:09:06.0433 1808 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:09:06.0435 1808 mpio - ok
19:09:06.0455 1808 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:09:06.0456 1808 mpsdrv - ok
19:09:06.0490 1808 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:09:06.0492 1808 MRxDAV - ok
19:09:06.0545 1808 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:09:06.0547 1808 mrxsmb - ok
19:09:06.0613 1808 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:09:06.0616 1808 mrxsmb10 - ok
19:09:06.0635 1808 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:09:06.0637 1808 mrxsmb20 - ok
19:09:06.0664 1808 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
19:09:06.0665 1808 msahci - ok
19:09:06.0688 1808 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:09:06.0689 1808 msdsm - ok
19:09:06.0721 1808 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:09:06.0722 1808 Msfs - ok
19:09:06.0734 1808 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:09:06.0845 1808 mshidkmdf - ok
19:09:06.0953 1808 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:09:06.0954 1808 msisadrv - ok
19:09:07.0205 1808 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:09:07.0206 1808 MSKSSRV - ok
19:09:07.0237 1808 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:09:07.0238 1808 MSPCLOCK - ok
19:09:07.0258 1808 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:09:07.0259 1808 MSPQM - ok
19:09:07.0278 1808 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:09:07.0279 1808 MsRPC - ok
19:09:07.0297 1808 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:09:07.0298 1808 mssmbios - ok
19:09:07.0317 1808 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:09:07.0317 1808 MSTEE - ok
19:09:07.0335 1808 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:09:07.0336 1808 MTConfig - ok
19:09:07.0358 1808 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:09:07.0358 1808 Mup - ok
19:09:07.0394 1808 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:09:07.0398 1808 NativeWifiP - ok
19:09:07.0443 1808 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:09:07.0457 1808 NDIS - ok
19:09:07.0491 1808 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:09:07.0492 1808 NdisCap - ok
19:09:07.0532 1808 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:09:07.0533 1808 NdisTapi - ok
19:09:07.0562 1808 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:09:07.0563 1808 Ndisuio - ok
19:09:07.0580 1808 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:09:07.0582 1808 NdisWan - ok
19:09:07.0591 1808 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:09:07.0592 1808 NDProxy - ok
19:09:07.0651 1808 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:09:07.0652 1808 NetBIOS - ok
19:09:07.0670 1808 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:09:07.0673 1808 NetBT - ok
19:09:07.0725 1808 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:09:07.0726 1808 nfrd960 - ok
19:09:07.0752 1808 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:09:07.0753 1808 Npfs - ok
19:09:07.0764 1808 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:09:07.0765 1808 nsiproxy - ok
19:09:07.0829 1808 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
19:09:07.0853 1808 Ntfs - ok
19:09:07.0886 1808 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:09:07.0887 1808 Null - ok
19:09:08.0474 1808 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:09:08.0667 1808 nvlddmkm - ok
19:09:08.0787 1808 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
19:09:08.0789 1808 nvraid - ok
19:09:08.0837 1808 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
19:09:08.0839 1808 nvstor - ok
19:09:08.0881 1808 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:09:08.0883 1808 nv_agp - ok
19:09:08.0906 1808 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:09:08.0907 1808 ohci1394 - ok
19:09:08.0946 1808 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:09:08.0947 1808 Parport - ok
19:09:08.0963 1808 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:09:08.0964 1808 partmgr - ok
19:09:08.0978 1808 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:09:08.0979 1808 Parvdm - ok
19:09:08.0998 1808 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:09:09.0000 1808 pci - ok
19:09:09.0015 1808 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:09:09.0016 1808 pciide - ok
19:09:09.0049 1808 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:09:09.0052 1808 pcmcia - ok
19:09:09.0078 1808 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:09:09.0079 1808 pcw - ok
19:09:09.0106 1808 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:09:09.0120 1808 PEAUTH - ok
19:09:09.0172 1808 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:09:09.0173 1808 PptpMiniport - ok
19:09:09.0198 1808 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:09:09.0200 1808 Processor - ok
19:09:09.0224 1808 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:09:09.0226 1808 Psched - ok
19:09:09.0335 1808 PStrip (bcf8d075fad718fea8ef6e281331a56e) C:\Windows\system32\drivers\pstrip.sys
19:09:09.0341 1808 PStrip - ok
19:09:09.0427 1808 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
19:09:09.0428 1808 PxHelp20 - ok
19:09:09.0483 1808 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:09:09.0527 1808 ql2300 - ok
19:09:09.0574 1808 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:09:09.0576 1808 ql40xx - ok
19:09:09.0608 1808 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:09:09.0610 1808 QWAVEdrv - ok
19:09:09.0628 1808 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:09:09.0628 1808 RasAcd - ok
19:09:09.0667 1808 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:09:09.0677 1808 RasAgileVpn - ok
19:09:09.0749 1808 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:09:09.0751 1808 Rasl2tp - ok
19:09:09.0784 1808 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:09:09.0785 1808 RasPppoe - ok
19:09:09.0801 1808 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:09:09.0803 1808 RasSstp - ok
19:09:09.0821 1808 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:09:09.0824 1808 rdbss - ok
19:09:09.0843 1808 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:09:09.0844 1808 rdpbus - ok
19:09:09.0861 1808 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:09:09.0862 1808 RDPCDD - ok
19:09:09.0890 1808 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
19:09:09.0892 1808 RDPDR - ok
19:09:09.0929 1808 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:09:09.0930 1808 RDPENCDD - ok
19:09:09.0943 1808 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:09:09.0944 1808 RDPREFMP - ok
19:09:09.0962 1808 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:09:09.0964 1808 RDPWD - ok
19:09:09.0985 1808 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:09:09.0988 1808 rdyboost - ok
19:09:10.0011 1808 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:09:10.0012 1808 rspndr - ok
19:09:10.0047 1808 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:09:10.0049 1808 RTL8167 - ok
19:09:10.0075 1808 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
19:09:10.0076 1808 s3cap - ok
19:09:10.0100 1808 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:09:10.0102 1808 sbp2port - ok
19:09:10.0124 1808 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:09:10.0125 1808 scfilter - ok
19:09:10.0159 1808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:09:10.0160 1808 secdrv - ok
19:09:10.0177 1808 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:09:10.0178 1808 Serenum - ok
19:09:10.0191 1808 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:09:10.0193 1808 Serial - ok
19:09:10.0213 1808 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:09:10.0215 1808 sermouse - ok
19:09:10.0243 1808 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:09:10.0244 1808 sffdisk - ok
19:09:10.0260 1808 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:09:10.0261 1808 sffp_mmc - ok
19:09:10.0288 1808 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:09:10.0289 1808 sffp_sd - ok
19:09:10.0303 1808 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:09:10.0304 1808 sfloppy - ok
19:09:10.0324 1808 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:09:10.0325 1808 sisagp - ok
19:09:10.0344 1808 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:09:10.0345 1808 SiSRaid2 - ok
19:09:10.0374 1808 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:09:10.0376 1808 SiSRaid4 - ok
19:09:10.0410 1808 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:09:10.0411 1808 Smb - ok
19:09:10.0422 1808 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:09:10.0423 1808 spldr - ok
19:09:10.0538 1808 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
19:09:10.0539 1808 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:09:10.0540 1808 sptd ( LockedFile.Multi.Generic ) - warning
19:09:10.0540 1808 sptd - detected LockedFile.Multi.Generic (1)
19:09:10.0605 1808 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
19:09:10.0611 1808 srv - ok
19:09:10.0626 1808 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
19:09:10.0630 1808 srv2 - ok
19:09:10.0691 1808 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
19:09:10.0693 1808 srvnet - ok
19:09:10.0738 1808 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:09:10.0740 1808 ssmdrv - ok
19:09:10.0782 1808 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:09:10.0783 1808 stexstor - ok
19:09:10.0818 1808 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
19:09:10.0819 1808 storflt - ok
19:09:10.0841 1808 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
19:09:10.0843 1808 storvsc - ok
19:09:10.0863 1808 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:09:10.0864 1808 swenum - ok
19:09:10.0979 1808 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys
19:09:11.0005 1808 Tcpip - ok
19:09:11.0054 1808 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys
19:09:11.0059 1808 TCPIP6 - ok
19:09:11.0085 1808 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:09:11.0086 1808 tcpipreg - ok
19:09:11.0110 1808 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:09:11.0111 1808 TDPIPE - ok
19:09:11.0133 1808 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
19:09:11.0134 1808 TDTCP - ok
19:09:11.0157 1808 tdx (27f5ed7d8070693b390b5c4f60cfa99b) C:\Windows\system32\DRIVERS\tdx.sys
19:09:11.0159 1808 tdx ( Rootkit.Win32.ZAccess.e ) - infected
19:09:11.0159 1808 tdx - detected Rootkit.Win32.ZAccess.e (0)
19:09:11.0207 1808 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:09:11.0209 1808 TermDD - ok
19:09:11.0286 1808 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:09:11.0315 1808 tssecsrv - ok
19:09:11.0359 1808 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:09:11.0361 1808 tunnel - ok
19:09:11.0379 1808 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:09:11.0381 1808 uagp35 - ok
19:09:11.0406 1808 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
19:09:11.0409 1808 udfs - ok
19:09:11.0449 1808 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:09:11.0450 1808 uliagpkx - ok
19:09:11.0478 1808 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:09:11.0480 1808 umbus - ok
19:09:11.0499 1808 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:09:11.0500 1808 UmPass - ok
19:09:11.0565 1808 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
19:09:11.0631 1808 usbccgp - ok
19:09:11.0649 1808 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:09:11.0651 1808 usbcir - ok
19:09:11.0673 1808 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
19:09:11.0674 1808 usbehci - ok
19:09:11.0694 1808 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
19:09:11.0698 1808 usbhub - ok
19:09:11.0716 1808 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:09:11.0718 1808 usbohci - ok
19:09:11.0736 1808 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:09:11.0737 1808 usbprint - ok
19:09:11.0799 1808 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:09:11.0817 1808 usbscan - ok
19:09:11.0838 1808 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:09:11.0838 1808 USBSTOR - ok
19:09:11.0851 1808 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
19:09:11.0852 1808 usbuhci - ok
19:09:11.0871 1808 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:09:11.0872 1808 vdrvroot - ok
19:09:11.0888 1808 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:09:11.0890 1808 vga - ok
19:09:11.0908 1808 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:09:11.0909 1808 VgaSave - ok
19:09:11.0935 1808 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:09:11.0938 1808 vhdmp - ok
19:09:11.0969 1808 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:09:11.0971 1808 viaagp - ok
19:09:11.0988 1808 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:09:11.0989 1808 ViaC7 - ok
19:09:12.0007 1808 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:09:12.0009 1808 viaide - ok
19:09:12.0029 1808 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
19:09:12.0032 1808 vmbus - ok
19:09:12.0057 1808 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
19:09:12.0058 1808 VMBusHID - ok
19:09:12.0080 1808 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:09:12.0081 1808 volmgr - ok
19:09:12.0188 1808 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:09:12.0380 1808 volmgrx - ok
19:09:12.0584 1808 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:09:12.0587 1808 volsnap - ok
19:09:12.0622 1808 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:09:12.0624 1808 vsmraid - ok
19:09:12.0649 1808 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:09:12.0650 1808 vwifibus - ok
19:09:12.0675 1808 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:09:12.0676 1808 WacomPen - ok
19:09:12.0706 1808 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:09:12.0708 1808 WANARP - ok
19:09:12.0710 1808 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:09:12.0711 1808 Wanarpv6 - ok
19:09:12.0741 1808 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:09:12.0742 1808 Wd - ok
19:09:12.0777 1808 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:09:12.0782 1808 Wdf01000 - ok
19:09:12.0811 1808 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:09:12.0812 1808 WfpLwf - ok
19:09:12.0821 1808 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:09:12.0822 1808 WIMMount - ok
19:09:12.0856 1808 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:09:12.0857 1808 WmiAcpi - ok
19:09:12.0885 1808 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:09:12.0886 1808 ws2ifsl - ok
19:09:12.0924 1808 WSIMD (ebedf91c32fe60c724402e6f44ca3152) C:\Windows\system32\DRIVERS\wsimd.sys
19:09:12.0925 1808 WSIMD - ok
19:09:12.0943 1808 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:09:12.0945 1808 WudfPf - ok
19:09:12.0977 1808 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:09:12.0980 1808 WUDFRd - ok
19:09:12.0995 1808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:09:13.0064 1808 \Device\Harddisk1\DR1 - ok
19:09:13.0080 1808 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:09:13.0126 1808 \Device\Harddisk0\DR0 - ok
19:09:13.0129 1808 Boot (0x1200) (4b580a8783aa04094a21b822feced6da) \Device\Harddisk1\DR1\Partition0
19:09:13.0129 1808 \Device\Harddisk1\DR1\Partition0 - ok
19:09:13.0157 1808 Boot (0x1200) (85009d2d4acff0df80eba952532da860) \Device\Harddisk0\DR0\Partition0
19:09:13.0158 1808 \Device\Harddisk0\DR0\Partition0 - ok
19:09:13.0158 1808 ============================================================
19:09:13.0158 1808 Scan finished
19:09:13.0158 1808 ============================================================
19:09:13.0163 3788 Detected object count: 2
19:09:13.0163 3788 Actual detected object count: 2
19:09:57.0523 3788 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:09:57.0523 3788 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:09:57.0676 3788 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
19:10:00.0240 3788 Backup copy found, using it..
19:10:00.0266 3788 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
19:10:00.0266 3788 tdx ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
19:10:06.0198 2920 Deinitialize success
 
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8F40A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10686464 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 270.61 )
0x82E3A000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E3A000 PnpManager 4259840 bytes
0x82E3A000 RAW 4259840 bytes
0x82E3A000 WMIxWDM 4259840 bytes
0x95E24000 C:\Windows\system32\drivers\RTKVHDA.sys 3182592 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x82130000 Win32k 2408448 bytes
0x82130000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x89287000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x89003000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90236000 C:\Windows\system32\DRIVERS\ar5416.sys 1040384 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0x88C84000 PCI_PNP9691 995328 bytes
0x88C84000 sptd 995328 bytes
0x88C84000 C:\Windows\System32\Drivers\spwp.sys 995328 bytes
0x91C1C000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
0x8FE3D000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88F44000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x88AE2000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9CE89000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x91D7B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x88A0F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88C05000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9CF4B000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x8E389000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89170000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E225000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9D089000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9D03A000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82000000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8FF38000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88E4A000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88DA6000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91D12000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x94EBA000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88AA0000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E328000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8941E000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x89224000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9CE27000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9037B000 C:\Windows\System32\Drivers\a5lhdaif.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8FEF4000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E03000 ACPI_HAL 225280 bytes
0x82E03000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88EF5000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x94E6A000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x894AA000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E27F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88E00000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9612D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89465000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x89132000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88BAE000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x893D9000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x88D80000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x894ED000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x89262000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8FFB1000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x94F1C000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x88EC9000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x94FBF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x90200000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9CF2A000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x89200000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8957D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9D0DB000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x89544000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8FF92000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E2B8000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x823C0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x94F62000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9CE62000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E2E5000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x91CE8000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x94F94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9615C000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8E200000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90356000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9033E000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x903D3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8FFD6000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x94F7D000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0x891E4000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x94E3A000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x895DC000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x961B1000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x94F40000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x88B8D000 C:\Windows\system32\drivers\19069628.sys 90112 bytes
0x88EAA000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x961D5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8915D000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x91D68000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E2FF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x903C1000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x89400000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x94FAD000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x894DC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x96196000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88F29000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x94EFE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88BD8000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x88A87000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x91D02000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x89492000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x91D58000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E312000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88E3A000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FF83000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8E3ED000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8E2D7000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x895CE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88E9C000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x891CD000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x94E9E000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x95E00000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x88C76000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x94EAC000 C:\Windows\system32\DRIVERS\wsimd.sys 57344 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0x903B4000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x96175000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x94F0F000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x9036E000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x94E5B000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9CFB5000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8959E000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
!!!!!!!!!!!Hidden driver: 0x91C00000 .dfsc 49152 bytes
0x8E37D000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x89571000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
!!!!!!!!!!!Hidden driver: 0x9D114000 2570484744 45056 bytes
0x88BE9000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x96182000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x961CA000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x94F57000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x961EF000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x895C3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x903EB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x895F3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x95E0E000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x8FF2D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88BA3000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x961A7000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E373000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E369000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88F3A000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x94E51000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9CF20000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x90334000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x88EEC000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x88EC0000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9D12E000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x95E19000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x9618D000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x891DB000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x82390000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x893D0000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x88D77000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88A98000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88DF6000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x894A2000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B9A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88DEE000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x895AB000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x895B3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x895BB000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8945D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8956A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x961E8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x89563000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9CE7D000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x88E95000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8E2B1000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8E322000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x9CE84000 C:\Windows\system32\drivers\pstrip.sys 20480 bytes (EnTech Taiwan, PowerStrip support NT kernel-mode driver)
0x9D12A000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8FE3B000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 270.61 )
0x94E68000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x961C8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x884CF140 unknown_irp_handler 3776 bytes
0x84E771F8 unknown_irp_handler 3592 bytes
0x863521F8 unknown_irp_handler 3592 bytes
0x8608F1F8 unknown_irp_handler 3592 bytes
0x84E751F8 unknown_irp_handler 3592 bytes
0x84E761F8 unknown_irp_handler 3592 bytes
0x861591F8 unknown_irp_handler 3592 bytes
0x84E731F8 unknown_irp_handler 3592 bytes
0x8850A1F8 unknown_irp_handler 3592 bytes
0x8704D500 unknown_irp_handler 2816 bytes
0x860ED500 unknown_irp_handler 2816 bytes
0x86128500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x884D4E95 Unknown thread object [ ETHREAD 0x8851E408 ] TID: 1836, 600 bytes
0x884D4E95 Unknown thread object [ ETHREAD 0x88514020 ] TID: 1840, 600 bytes
0x9D1189B5 Unknown thread object [ ETHREAD 0x8882A878 ] TID: 2836, 600 bytes
0x9D1189B5 Unknown thread object [ ETHREAD 0x8882AD48 ] TID: 2840, 600 bytes
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I started the aswMBR scan ... it found something, then aswMBR got closed right after that.
I didn't take any more steps after that.
 
I already have Combofix.
When I download a new one it gets renamed to combofix(1).
I can't delete or rename the old Combofix - I get a file access denied warning: "You need permission to perform this action".
 
Combofix finished the scan, restarted the comp and has now been pending for 10 minutes with the message "please wait a few seconds for the report log to pop up...".
No file is created in C:\
 
ComboFix 11-09-27.01 - Grega 27.09.2011 19:57:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.2046.1383 [GMT 2:00]
Running from: c:\users\Grega\Desktop\ComboFixs.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\system32
c:\users\Grega\AppData\Roaming\addons.dat
c:\users\Grega\AppData\Roaming\chrtmp
c:\windows\$NtUninstallKB40160$
c:\windows\$NtUninstallKB40160$\2172707487\@
c:\windows\$NtUninstallKB40160$\2172707487\L\xadqgnnk
c:\windows\$NtUninstallKB40160$\2172707487\loader.tlb
c:\windows\$NtUninstallKB40160$\2172707487\U\@00000001
c:\windows\$NtUninstallKB40160$\2172707487\U\@000000c0
c:\windows\$NtUninstallKB40160$\2172707487\U\@000000cb
c:\windows\$NtUninstallKB40160$\2172707487\U\@000000cf
c:\windows\$NtUninstallKB40160$\2172707487\U\@80000000
c:\windows\$NtUninstallKB40160$\2172707487\U\@800000c0
c:\windows\$NtUninstallKB40160$\2172707487\U\@800000cb
c:\windows\$NtUninstallKB40160$\2172707487\U\@800000cf
c:\windows\$NtUninstallKB40160$\2723305629
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\2682421377
c:\windows\system32\
c:\windows\system32\c_91971.nls
c:\windows\system32\fci.exe.exe
C:\z.tmp
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys
.
Infected copy of c:\program files\Avira\AntiVir Desktop\sched.exe was found and disinfected
Restored copy from - c:\combofixs\HarddiskVolumeShadowCopy7_!Program Files!Avira!AntiVir Desktop!sched.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_8180e29f
-------\Service_FCI
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 18:13 . 2011-09-27 18:16 -------- d-----w- c:\users\Grega\AppData\Local\temp
2011-09-27 18:13 . 2011-09-27 18:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-27 18:13 . 2011-09-27 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-26 20:36 . 2011-09-26 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 20:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 20:13 . 2011-09-26 20:13 -------- d-----w- c:\users\Grega\AppData\Roaming\Avira
2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\programdata\Avira
2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\program files\Avira
2011-09-26 20:10 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-26 20:10 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-26 17:17 . 2011-09-26 20:19 -------- d-----w- c:\programdata\AVAST Software
2011-09-25 19:12 . 2011-09-27 17:11 48016 --sha-w- c:\windows\system32\c_91971.nl_
2011-09-25 16:44 . 2011-09-26 19:10 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-25 16:43 . 2011-09-26 19:07 -------- d-----w- c:\programdata\PC Tools
2011-09-25 16:31 . 2011-09-26 20:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\users\Grega\AppData\Roaming\Malwarebytes
2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\programdata\Malwarebytes
2011-09-25 15:11 . 2011-09-25 19:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-25 15:11 . 2011-09-25 15:29 -------- d-----w- c:\programdata\Hitman Pro
2011-09-25 14:05 . 2011-09-25 14:05 -------- d-----w- c:\windows\system32\SPReview
2011-09-25 14:04 . 2011-09-25 14:04 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 17:11 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ------w- c:\windows\system32\drivers\epfwwfpr.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ------w- c:\windows\system32\drivers\ehdrv.sys
2011-07-22 04:56 . 2011-08-10 06:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-20 07:44 . 2011-07-30 02:47 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C611B442-1F65-41B7-BEFB-11D5AD91A86A}\mpengine.dll
2011-07-16 04:37 . 2011-08-10 06:45 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-10 06:45 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-10 06:45 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30 . 2011-08-24 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26 . 2011-08-10 06:45 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-07 17:35 . 2011-03-24 06:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SMC EZ Connect N Wireless Utility.lnk - c:\program files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe [2009-10-23 1998848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Grega^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
path=c:\users\Grega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
backup=c:\windows\pss\PowerStrip.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 21:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 02:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 19:23 136176 ---hatw- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-09-03 08:15 9726568 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-23 21:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-09-25 23624]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-02 691696]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001Core.job
- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001UA.job
- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.si/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: nlb.si\ac
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sl&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
SafeBoot-04494917.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3136)
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\Notepad++\NppShell_01.dll
c:\program files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
c:\windows\system32\syncui.dll
c:\windows\system32\SYNCENG.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-09-27 20:42:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-27 18:42
.
Pre-Run: 81.126.244.352 bytes free
Post-Run: 226.973.810.688 bytes free
.
- - End Of File - - 8AF47106500342B076C714BDF51462A8
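As an added example (not ComboFix's code and not anything the helper posted), here is a small Python triage script that reads the two blocks of the log above that drive the fix in the next reply: the Sigcheck block, where the System32 copy of user32.dll is marked `[-]` and hashes differently from the catalogued WinSxS copy of the same version and size, and the UAC policy block, where EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0. The sample text is copied from this log; the marker semantics are assumed only as far as the log itself shows them (`[-]` for the copy ComboFix could not verify, a bracketed tag for the verified copies), and the UAC value meanings are the documented Windows ones.

```python
"""Triage helper for ComboFix-style log text (added example; not ComboFix's or the
helper's code). It reads the two blocks that matter most in the log above, the
Sigcheck block and the UAC policy block, and turns them into findings."""
import re
from collections import defaultdict

# Constructed sample: the relevant lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# One Sigcheck line: [mark] date . md5 . size . . [file version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# One REGEDIT4-style value line with a numeric value: "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')

# UAC values under ...\policies\system whose weak setting is worth a finding:
# (weak value, what that value means), per the documented Windows semantics.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled; every admin process runs fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators are elevated without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}


def parse_sigcheck(lines):
    """Return one dict per Sigcheck line; non-matching lines are ignored."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            entries.append(e)
    return entries


def find_patched_system_files(entries):
    """Flag an unverified file ('[-]') when a verified copy of the same name,
    same file version and same size carries a different MD5: the on-disk body
    no longer matches what its version resource claims it is."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)
    findings = []
    for group in by_name.values():
        verified = [v for v in group if v["mark"] != "-"]
        for e in group:
            if e["mark"] != "-":
                continue
            twins = [v for v in verified
                     if v["version"] == e["version"] and v["size"] == e["size"]]
            if any(v["md5"].upper() != e["md5"].upper() for v in twins):
                findings.append({
                    "path": e["path"], "md5": e["md5"].upper(), "version": e["version"],
                    # every verified copy is a candidate source for restoring the file
                    "verified_copies": [(v["path"], v["version"], v["md5"].upper())
                                        for v in verified],
                })
    return findings


def find_weak_uac(lines):
    """Walk the REGEDIT4 dump, track the current key, and report weak UAC values."""
    findings, in_policy_key = [], False
    for line in lines:
        s = line.strip()
        if s.lower().startswith("[hk"):  # a new registry key header
            in_policy_key = s.lower().rstrip("]").endswith("\\policies\\system")
            continue
        m = POLICY_RE.match(s) if in_policy_key else None
        if m and m["name"] in UAC_WEAK and int(m["value"]) == UAC_WEAK[m["name"]][0]:
            findings.append((m["name"], int(m["value"]), UAC_WEAK[m["name"]][1]))
    return findings


def triage(log_text):
    """Run both checks over a ComboFix-style log and return the findings."""
    lines = log_text.splitlines()
    return {
        "patched_files": find_patched_system_files(parse_sigcheck(lines)),
        "weak_uac": find_weak_uac(lines),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["patched_files"]:
        print(f"PATCHED? {f['path']} md5={f['md5']} version={f['version']}")
        for path, ver, md5 in f["verified_copies"]:
            print(f"    verified copy {ver} {md5} {path}")
    for name, value, meaning in result["weak_uac"]:
        print(f"WEAK UAC {name}={value}: {meaning}")
```

On the log above this reports the System32 user32.dll as a modified system file, lists both WinSxS copies as restore candidates (the helper's FCopy in the next reply picks one of them), and reports the three UAC values that leave the machine elevating silently. A bare `[-]` with no verified twin is deliberately not flagged, in line with the log's own note that unsigned files are not necessarily malware.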
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box
  • Click OK
Windows Vista/7 users: click Start, type notepad in "Start search" and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{CB0F8167-5331-BA19-698E-64816B6801A5}
{706E6083-750B-B597-533E-5FF310EF4B18}


File::
c:\windows\system32\c_91971.nl_

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 
ComboFix 11-09-27.01 - Grega 27.09.2011 22:11:03.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.2046.1361 [GMT 2:00]
Running from: c:\users\Grega\Desktop\ComboFixs.exe
Command switches used :: c:\users\Grega\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\c_91971.nl_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\c_91971.nl_
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-27 20:21 . 2011-09-27 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-27 20:21 . 2011-09-27 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-27 18:13 . 2011-09-27 20:21 -------- d-----w- c:\users\Grega\AppData\Local\temp
2011-09-27 17:50 . 2011-09-27 18:42 -------- d-----w- C:\ComboFixs
2011-09-26 20:36 . 2011-09-26 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-26 20:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 20:13 . 2011-09-26 20:13 -------- d-----w- c:\users\Grega\AppData\Roaming\Avira
2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\programdata\Avira
2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\program files\Avira
2011-09-26 20:10 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-26 20:10 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-26 17:17 . 2011-09-26 20:19 -------- d-----w- c:\programdata\AVAST Software
2011-09-25 16:44 . 2011-09-26 19:10 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-25 16:43 . 2011-09-26 19:07 -------- d-----w- c:\programdata\PC Tools
2011-09-25 16:31 . 2011-09-26 20:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\users\Grega\AppData\Roaming\Malwarebytes
2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\programdata\Malwarebytes
2011-09-25 15:11 . 2011-09-25 19:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-25 15:11 . 2011-09-25 15:29 -------- d-----w- c:\programdata\Hitman Pro
2011-09-25 14:05 . 2011-09-25 14:05 -------- d-----w- c:\windows\system32\SPReview
2011-09-25 14:04 . 2011-09-25 14:04 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 17:11 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ------w- c:\windows\system32\drivers\epfwwfpr.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ------w- c:\windows\system32\drivers\ehdrv.sys
2011-07-22 04:56 . 2011-08-10 06:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-20 07:44 . 2011-07-30 02:47 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C611B442-1F65-41B7-BEFB-11D5AD91A86A}\mpengine.dll
2011-07-16 04:37 . 2011-08-10 06:45 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34 . 2011-08-10 06:45 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31 . 2011-08-10 06:45 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30 . 2011-08-24 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26 . 2011-08-10 06:45 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-09-07 17:35 . 2011-03-24 06:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SMC EZ Connect N Wireless Utility.lnk - c:\program files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe [2009-10-23 1998848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Grega^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
path=c:\users\Grega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
backup=c:\windows\pss\PowerStrip.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-02 21:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 02:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 19:23 136176 ----atw- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-09-03 08:15 9726568 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-23 21:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-09-25 23624]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-02 691696]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001Core.job
- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001UA.job
- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.si/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: nlb.si\ac
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sl&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-27 22:23:14
ComboFix-quarantined-files.txt 2011-09-27 20:23
ComboFix2.txt 2011-09-27 18:42
.
Pre-Run: 227.011.088.384 bytes free
Post-Run: 226.719.793.152 bytes free
.
- - End Of File - - 524FC4FF95532E2A3E255D19FA5AB514
 
Good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I still can't enable the antivirus (Avira).
That strange folder structure is fixed.


OTL logfile created on: 28.9.2011 6:24:47 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Grega\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,33% Memory free
4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 211,19 Gb Free Space | 70,85% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 119,37 Gb Free Space | 80,09% Space Free | Partition Type: NTFS

Computer Name: GREGA-PC | User Name: Grega | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.28 06:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006.08.03 10:59:06 | 001,998,848 | ---- | M] () -- C:\Program Files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe


========== Modules (No Company Name) ==========

MOD - [2006.08.03 10:59:06 | 001,998,848 | ---- | M] () -- C:\Program Files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Storitev Posodobitve za Google (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.21 12:12:16 | 000,269,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.05.24 23:13:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.09.25 21:10:13 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.02 13:02:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.29 12:56:32 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2007.07.15 04:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
DRV - [2006.08.28 18:52:10 | 001,036,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ar5416.sys -- (AR5416)
DRV - [2006.07.20 07:00:10 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wsimd.sys -- (WSIMD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sl
IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 D5 1D 5B 74 C0 CA 01 [binary data]
IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.si"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {6dfc4f52-26f0-4e5f-89c7-31d6de480db9}:0.2.0.20080521
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:2.0.0.20
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E}:0.2
FF - prefs.js..extensions.enabledItems: firequery@binaryage.com:0.9
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=sl&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Grega\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Grega\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.11.30 18:15:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.04.30 12:10:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 19:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.06 16:03:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.11.30 18:15:33 | 000,000,000 | ---D | M]

[2009.10.23 21:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grega\AppData\Roaming\Mozilla\Extensions
[2011.09.27 19:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions
[2011.09.27 19:38:55 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.01.02 18:55:16 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011.01.06 22:22:49 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011.03.22 23:18:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009.10.27 13:11:36 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
[2010.09.26 12:03:11 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.04.20 22:33:11 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2011.03.10 19:28:24 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2011.08.16 01:21:24 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.03.20 13:30:51 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\screencaptureelite@plugin
[2011.03.24 08:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\{563E4790-7E70-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\FIREQUERY@BINARYAGE.COM.XPI
() (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2011.09.07 19:35:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
[2010.01.01 10:00:00 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
[2010.01.01 10:00:00 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
[2010.01.01 10:00:00 | 000,006,155 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2010.01.01 10:00:00 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\Application\14.0.835.186\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11337_0\
CHR - Extension: Gilt for Chrome = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\iocebbchlphdehmmkhjimmhaefolfpoh\0.8.1_0\
CHR - Extension: Skype Extension = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\

O1 HOSTS File: ([2011.09.27 22:21:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\..Trusted Domains: nlb.si ([ac] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} https://edavki.durs.si/PersonalPortal/[89659]/Controls/ESignDocControls/hslESignDoc2.cab (ESignDoc2 Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7D442CD-7F57-49F3-BAD6-A8362FA16535}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.03 19:06:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.CSCD - camcodec.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IPJ2 - jp2avi.dll File not found
Drivers32: vidc.LAGS - lagarith.dll File not found
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.09.28 06:22:04 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
[2011.09.27 22:23:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.09.27 22:23:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.09.27 20:13:53 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Local\temp
[2011.09.27 19:50:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.27 19:50:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.27 19:50:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.27 19:50:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.27 19:50:53 | 000,000,000 | ---D | C] -- C:\ComboFixs
[2011.09.27 19:42:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.27 19:36:42 | 004,230,516 | R--- | C] (Swearware) -- C:\Users\Grega\Desktop\ComboFixs.exe
[2011.09.27 19:08:13 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Grega\Desktop\tdsskiller.exe
[2011.09.27 15:54:29 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\DummyCreator
[2011.09.26 22:53:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Grega\Desktop\dds.scr
[2011.09.26 22:36:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.26 22:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.26 22:13:38 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\Avira
[2011.09.26 22:11:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011.09.26 22:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.09.26 22:10:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.09.26 22:10:33 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.09.26 22:10:33 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.09.26 22:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.09.26 22:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.09.26 19:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.09.25 20:13:19 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.25 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011.09.25 18:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.09.25 18:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.09.25 18:31:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.25 18:31:10 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\Malwarebytes
[2011.09.25 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.25 18:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1
[2011.09.25 17:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.09.25 17:11:02 | 006,394,688 | ---- | C] (SurfRight B.V.) -- C:\Users\Grega\Desktop\HitmanPro35.exe
[2011.09.25 16:05:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.09.25 16:04:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.09.25 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\backup_sasopagma6663com2511_info_1109251149.xml
[2011.09.23 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\pogodba
[2011.09.19 22:42:04 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\jquery-mousewheel-3.0.4
[2011.09.19 22:27:47 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\scroll
[2011.09.17 13:06:08 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\phplist-2.10.16
[2011.09.14 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\SloDanes
[2011.09.11 11:27:11 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\GlobalSCAPE
[2011.09.11 11:27:11 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Local\GlobalSCAPE
[2011.09.11 11:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GlobalSCAPE
[2011.09.11 11:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobalSCAPE
[2011.09.11 11:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2011.09.11 11:26:03 | 000,000,000 | ---D | C] -- C:\Users\Grega\Documents\Downloads
[2011.09.10 15:39:09 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\backup-sat-sep-10-04_04_06-2011
[2011.09.03 12:43:20 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\Moyea
[2011.09.03 10:53:44 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\GetRightToGo
[2011.09.03 10:32:35 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\SoYouGotWasted
[2011.09.01 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\SayWhatWhenFail
[2011.08.30 18:08:21 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\FAIL_IMG
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.28 06:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
[2011.09.28 06:15:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.28 06:15:41 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.27 23:51:02 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 23:51:02 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 23:15:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001UA.job
[2011.09.27 22:21:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.09.27 19:37:00 | 004,230,516 | R--- | M] (Swearware) -- C:\Users\Grega\Desktop\ComboFixs.exe
[2011.09.27 19:27:09 | 001,916,416 | ---- | M] () -- C:\Users\Grega\Desktop\aswMBR.exe
[2011.09.27 19:08:27 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Grega\Desktop\tdsskiller.exe
[2011.09.27 16:02:25 | 000,139,264 | ---- | M] () -- C:\Users\Grega\Desktop\RKUnhookerLE.EXE
[2011.09.27 15:54:08 | 000,455,503 | ---- | M] () -- C:\Users\Grega\Desktop\DummyCreator.zip
[2011.09.26 22:53:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Grega\Desktop\dds.scr
[2011.09.26 22:49:17 | 000,302,592 | ---- | M] () -- C:\Users\Grega\Desktop\6no6n5rd.exe
[2011.09.26 22:37:39 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.26 22:11:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011.09.26 22:10:51 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.09.26 22:09:36 | 067,889,832 | ---- | M] () -- C:\Users\Grega\Desktop\avira_antivir_personal_en.exe
[2011.09.26 21:29:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.09.26 19:16:13 | 058,948,168 | ---- | M] () -- C:\Users\Grega\Desktop\setup_av_free.exe
[2011.09.25 21:21:38 | 074,138,000 | ---- | M] () -- C:\Users\Grega\Desktop\msert.exe
[2011.09.25 21:10:13 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.09.25 21:08:33 | 000,000,486 | ---- | M] () -- C:\Windows\System32\.crusader
[2011.09.25 20:46:05 | 016,913,411 | ---- | M] () -- C:\Users\Grega\Desktop\WampServer 2.0g.rar
[2011.09.25 20:13:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.25 19:04:02 | 004,223,304 | R--- | M] () -- C:\Users\Grega\Desktop\ComboFix.exe
[2011.09.25 18:45:31 | 001,473,042 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.09.25 18:40:17 | 001,008,092 | ---- | M] () -- C:\Users\Grega\Desktop\rkill.com
[2011.09.25 17:11:10 | 006,394,688 | ---- | M] (SurfRight B.V.) -- C:\Users\Grega\Desktop\HitmanPro35.exe
[2011.09.25 16:12:50 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.25 16:12:50 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.25 13:09:44 | 000,001,107 | ---- | M] () -- C:\Users\Grega\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011.09.25 09:15:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001Core.job
[2011.09.23 22:50:04 | 000,001,680 | ---- | M] () -- C:\Users\Grega\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.09.23 21:23:58 | 000,000,132 | ---- | M] () -- C:\Users\Grega\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.20 23:38:32 | 000,000,118 | ---- | M] () -- C:\Users\Grega\Desktop\backgroundView.png
[2011.09.20 23:38:17 | 000,000,118 | ---- | M] () -- C:\Users\Grega\Desktop\backgroundPage.png
[2011.09.19 22:27:38 | 000,001,423 | ---- | M] () -- C:\Users\Grega\Desktop\jquery.jscrollpane.css
[2011.09.19 10:41:06 | 000,015,231 | ---- | M] () -- C:\Users\Grega\Desktop\btn-buy.png
[2011.09.18 19:16:06 | 000,483,361 | ---- | M] () -- C:\Users\Grega\Desktop\whiteboard.zip
[2011.09.18 18:50:22 | 003,981,530 | ---- | M] () -- C:\Users\Grega\Desktop\wordpress-3.2.1.zip
[2011.09.17 22:45:35 | 000,696,848 | ---- | M] () -- C:\Users\Grega\Desktop\PHPlist-Platinum-Mailer-BrentwoodWebDesign.zip
[2011.09.15 08:06:54 | 003,795,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.09.12 17:51:21 | 000,907,931 | ---- | M] () -- C:\Users\Grega\Desktop\jquery.flippage_v0.5.zip
[2011.09.07 19:35:28 | 000,002,002 | ---- | M] () -- C:\Users\Grega\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.09.06 13:58:26 | 046,249,416 | ---- | M] () -- C:\Windows\System32\MRT.exe
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
 
[2011.09.27 19:50:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.27 19:50:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.27 19:50:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.27 19:50:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.27 19:50:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.27 19:26:39 | 001,916,416 | ---- | C] () -- C:\Users\Grega\Desktop\aswMBR.exe
[2011.09.27 16:02:25 | 000,139,264 | ---- | C] () -- C:\Users\Grega\Desktop\RKUnhookerLE.EXE
[2011.09.27 15:54:02 | 000,455,503 | ---- | C] () -- C:\Users\Grega\Desktop\DummyCreator.zip
[2011.09.26 22:49:16 | 000,302,592 | ---- | C] () -- C:\Users\Grega\Desktop\6no6n5rd.exe
[2011.09.26 22:10:51 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.09.26 22:08:35 | 067,889,832 | ---- | C] () -- C:\Users\Grega\Desktop\avira_antivir_personal_en.exe
[2011.09.26 19:15:16 | 058,948,168 | ---- | C] () -- C:\Users\Grega\Desktop\setup_av_free.exe
[2011.09.25 21:59:49 | 000,000,495 | ---- | C] () -- C:\Users\Grega\Desktop\arrows-dark.png
[2011.09.25 21:18:02 | 074,138,000 | ---- | C] () -- C:\Users\Grega\Desktop\msert.exe
[2011.09.25 20:45:21 | 016,913,411 | ---- | C] () -- C:\Users\Grega\Desktop\WampServer 2.0g.rar
[2011.09.25 19:03:54 | 004,223,304 | R--- | C] () -- C:\Users\Grega\Desktop\ComboFix.exe
[2011.09.25 18:44:47 | 001,473,042 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.09.25 18:40:13 | 001,008,092 | ---- | C] () -- C:\Users\Grega\Desktop\rkill.com
[2011.09.25 17:29:14 | 000,000,486 | ---- | C] () -- C:\Windows\System32\.crusader
[2011.09.25 17:11:50 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.09.25 13:09:44 | 000,001,107 | ---- | C] () -- C:\Users\Grega\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011.09.23 21:19:21 | 000,000,132 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.20 23:38:31 | 000,000,118 | ---- | C] () -- C:\Users\Grega\Desktop\backgroundView.png
[2011.09.20 23:38:14 | 000,000,118 | ---- | C] () -- C:\Users\Grega\Desktop\backgroundPage.png
[2011.09.19 22:27:37 | 000,001,423 | ---- | C] () -- C:\Users\Grega\Desktop\jquery.jscrollpane.css
[2011.09.19 10:41:06 | 000,015,231 | ---- | C] () -- C:\Users\Grega\Desktop\btn-buy.png
[2011.09.18 19:16:01 | 000,483,361 | ---- | C] () -- C:\Users\Grega\Desktop\whiteboard.zip
[2011.09.18 18:50:04 | 003,981,530 | ---- | C] () -- C:\Users\Grega\Desktop\wordpress-3.2.1.zip
[2011.09.17 22:45:25 | 000,696,848 | ---- | C] () -- C:\Users\Grega\Desktop\PHPlist-Platinum-Mailer-BrentwoodWebDesign.zip
[2011.09.12 17:51:19 | 000,907,931 | ---- | C] () -- C:\Users\Grega\Desktop\jquery.flippage_v0.5.zip
[2011.08.31 19:02:16 | 018,957,782 | ---- | C] () -- C:\Users\Grega\Desktop\phpList 2 E-mail Campaign Manager.pdf
[2011.05.14 18:50:20 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.05.14 18:50:20 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.05.14 18:49:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.05.01 18:44:37 | 000,001,680 | ---- | C] () -- C:\Users\Grega\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\Users\Grega\AppData\Local\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
[2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
[2010.11.08 22:02:05 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.23 18:25:55 | 000,150,184 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.03.15 22:41:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.12.21 22:16:21 | 000,009,895 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.bko
[2009.12.12 12:32:39 | 000,007,623 | ---- | C] () -- C:\Users\Grega\AppData\Local\resmon.resmoncfg
[2009.12.12 12:29:15 | 000,009,865 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.bk!
[2009.12.12 12:29:12 | 000,009,849 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.bak
[2009.12.12 10:51:58 | 000,009,770 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.ini
[2009.12.12 10:49:16 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.30 18:11:19 | 000,164,913 | ---- | C] () -- C:\Windows\hpoins32.dat
[2009.11.30 18:11:19 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2009.11.19 12:56:30 | 000,000,678 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.11.02 11:47:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.24 15:55:29 | 000,000,218 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\default.rss
[2009.10.14 11:57:47 | 046,249,416 | ---- | C] () -- C:\Windows\System32\MRT.exe
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,795,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.04.02 18:21:41 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\BSplayer
[2009.11.19 12:52:17 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\BSplayer Pro
[2011.08.06 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.11.02 13:06:00 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\DAEMON Tools Lite
[2011.05.15 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Emergency Soft
[2011.08.17 23:21:55 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\FireShot
[2011.09.11 11:27:20 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\GetRightToGo
[2011.09.11 11:27:11 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\GlobalSCAPE
[2010.11.01 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Iceni
[2009.10.23 20:53:55 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\K-Meleon
[2011.05.15 17:16:49 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Microsys
[2011.09.03 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Moyea
[2010.08.10 02:14:52 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Notepad++
[2011.04.30 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.10.28 21:47:09 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Subversion
[2011.05.14 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\SystemRequirementsLab
[2011.03.03 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.09.25 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\uTorrent
[2011.08.16 18:26:34 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009.10.24 05:58:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.09.27 22:23:15 | 000,014,496 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.06.15 22:02:20 | 000,017,925 | ---- | M] () -- C:\gb.exe
[2011.09.28 06:15:41 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2008.11.12 21:19:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.11.12 21:19:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.09.28 06:15:44 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
[2011.09.27 19:10:06 | 000,079,074 | ---- | M] () -- C:\TDSSKiller.2.6.2.0_27.09.2011_19.08.46_log.txt
[2009.10.23 20:04:51 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 03:15:26 | 000,307,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw72.dll
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009.10.23 20:07:17 | 000,000,221 | -HS- | M] () -- C:\Users\Grega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011.09.26 22:49:17 | 000,302,592 | ---- | M] () -- C:\Users\Grega\Desktop\6no6n5rd.exe
[2011.09.27 19:27:09 | 001,916,416 | ---- | M] () -- C:\Users\Grega\Desktop\aswMBR.exe
[2011.09.26 22:09:36 | 067,889,832 | ---- | M] () -- C:\Users\Grega\Desktop\avira_antivir_personal_en.exe
[2011.09.25 19:04:02 | 004,223,304 | R--- | M] () -- C:\Users\Grega\Desktop\ComboFix.exe
[2011.09.27 19:37:00 | 004,230,516 | R--- | M] (Swearware) -- C:\Users\Grega\Desktop\ComboFixs.exe
[2011.09.25 17:11:10 | 006,394,688 | ---- | M] (SurfRight B.V.) -- C:\Users\Grega\Desktop\HitmanPro35.exe
[2011.09.26 22:11:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011.09.25 20:13:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300.exe
[2011.09.25 21:21:38 | 074,138,000 | ---- | M] () -- C:\Users\Grega\Desktop\msert.exe
[2011.09.28 06:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
[2011.09.27 16:02:25 | 000,139,264 | ---- | M] () -- C:\Users\Grega\Desktop\RKUnhookerLE.EXE
[2011.09.26 19:16:13 | 058,948,168 | ---- | M] () -- C:\Users\Grega\Desktop\setup_av_free.exe
[2011.09.27 19:08:27 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Grega\Desktop\tdsskiller.exe
[2011.09.25 17:14:55 | 014,507,464 | ---- | M] (Microsoft Corporation) -- C:\Users\Grega\Desktop\windows-kb890830-v4.0.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009.06.10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011.05.15 00:00:04 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011.05.14 18:25:36 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010.08.10 16:02:02 | 000,000,402 | -HS- | M] () -- C:\Users\Grega\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011.04.24 12:16:24 | 000,014,248 | -HS- | M] () -- C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
[2009.11.30 18:16:43 | 000,001,118 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 
OTL Extras logfile created on: 28.9.2011 6:24:47 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Grega\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,33% Memory free
4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 211,19 Gb Free Space | 70,85% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 119,37 Gb Free Space | 80,09% Space Free | Partition Type: NTFS

Computer Name: GREGA-PC | User Name: Grega | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Value error. File not found

[HKEY_USERS\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1"
jsfile [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{095FC6D2-DF7E-40C1-B4AF-FFB3EC472BEB}" = C5300
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11466e1d-a869-4a5e-87b2-b3da58cd4c47}" = Nero 9
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{38C6E781-7B8B-4DCD-AEAD-98256F282FD8}" = SMC EZ Connect N Wireless Utility
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}" = Zend Optimizer
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{567C4A87-9029-4001-ACF1-CFC0717EC1A0}" = PS_AIO_04_C5300_Software_Min
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}" = HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0FE8DB-61C4-4098-9553-C842D3986DD2}" = C5300_NCL_Help
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.24
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Aptana Studio 2.0" = Aptana Studio 2.0
"Aptana Studio 3" = Aptana Studio 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSPlayerf" = BS.Player FREE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GT Legends_is1" = GT Legends
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IETester" = IETester v0.4.4 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 6.0.2 (x86 sl)" = Mozilla Firefox 6.0.2 (x86 sl)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"RaceRoom The Game_is1" = RaceRoom The Game
"Shop for HP Supplies" = Shop for HP Supplies
"SystemRequirementsLab" = System Requirements Lab
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WampServer 2_is1" = WampServer 2.0
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WinRAR" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.9.2011 16:57:31 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x8c0 Faulting application
start time: 0x01cc7d581304c58c Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 50b5a5e5-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:31 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xf94 Faulting application
start time: 0x01cc7d581310d3a9 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 50cc1469-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:31 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x938 Faulting application
start time: 0x01cc7d5813271b1c Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 50d7ad54-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x70c Faulting application
start time: 0x01cc7d5813328cf7 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 50e31f2f-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xdac Faulting application
start time: 0x01cc7d58133dfed2 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 50ee910a-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xa24 Faulting application
start time: 0x01cc7d581349bece Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 50fa02e5-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x980 Faulting application
start time: 0x01cc7d581354e288 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 51054daf-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x7cc Faulting application
start time: 0x01cc7d5813602d52 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 5110bf8a-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x4f0 Faulting application
start time: 0x01cc7d58136cd7b2 Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 511d69ea-e94b-11e0-b611-0013f7618452

Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xf48 Faulting application
start time: 0x01cc7d58137897ae Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting
module path: unknown Report Id: 5133d86e-e94b-11e0-b611-0013f7618452

[ System Events ]
Error - 27.9.2011 14:18:04 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 27.9.2011 16:10:45 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 27.9.2011 16:18:26 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 27.9.2011 16:21:20 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 27.9.2011 17:50:20 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The wampmysqld service failed to start due to the following error:
%%2

Error - 28.9.2011 0:16:07 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
error: %%2

Error - 28.9.2011 0:16:08 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 28.9.2011 0:16:08 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%5

Error - 28.9.2011 0:18:15 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 28.9.2011 0:18:15 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5


< End of report >
 
I suggest you reinstall Avira.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Storitev Posodobitve za Google (gupdatem)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
    O15 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\..Trusted Domains: nlb.si ([ac] https in Trusted sites)
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\Users\Grega\AppData\Local\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
    [2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
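The OTL fix above acts on three kinds of leftover the logs surfaced: service entries whose binary is gone (the "File not found" SRV lines, which also explain the SCM 7000 events, since %%2 is Win32 error 2, file not found, and %%5 is error 5, access denied), hidden+system files with long random-looking names dropped into ProgramData and AppData\Local, and alternate data streams hung off C:\ProgramData\TEMP. The script below is an added, read-only PowerShell example written for this thread; it is not OTL's code, not Security Check's, and not something the helper posted. It assumes PowerShell 3.0 or later (for Get-CimInstance, Get-ChildItem -File and Get-Item -Stream) and an elevated prompt; the name-length heuristic and the choice of folders to sweep are my own assumptions, not a rule from any tool.

```powershell
# Added example for this thread (not OTL output, not from any tool named above).
# Read-only: it only reports, so it is safe to run before deciding what to remove.
# Assumptions: PowerShell 3.0+, elevated prompt, default Windows folder layout.

function Get-OrphanedService {
    # A service whose registered executable no longer exists cannot start; the SCM logs
    # event 7000 with %%2 for it. OTL reports the same entries as "SRV - File not found".
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $cmd = $_.PathName
        if (-not $cmd) { return }
        # The executable is either the quoted prefix or the first whitespace-free token
        # (e.g. 'C:\Windows\system32\svchost.exe -k netsvcs' -> the svchost path).
        $exe = $null
        if     ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^(\S+)')     { $exe = $Matches[1] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        if (-not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                StartMode   = $_.StartMode
                Missing     = $exe
            }
        }
    }
}

function Get-SuspiciousHiddenFile {
    # Looks for files that carry both Hidden and System attributes and whose name is a
    # long run of lowercase letters and digits, like the two 14 KB files OTL moved.
    # The 30-character threshold is an assumed heuristic; desktop.ini and similar
    # legitimate hidden+system files do not match it.
    param([string[]]$Root)
    if (-not $Root) {
        $Root = @($env:ProgramData)
        $Root += Get-ChildItem -Directory "$env:SystemDrive\Users" -ErrorAction SilentlyContinue |
                 ForEach-Object { Join-Path $_.FullName 'AppData\Local' }
    }
    $hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    foreach ($dir in $Root) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { (($_.Attributes -band $hs) -eq $hs) -and ($_.Name -match '^[a-z0-9]{30,}$') } |
            Select-Object FullName, Length, CreationTime, Attributes
    }
}

function Get-AlternateDataStream {
    # Lists alternate data streams on everything directly under the given folder,
    # files and subfolders alike (the thread's streams sat on the folder C:\ProgramData\TEMP).
    # ':$DATA' is the ordinary file content; Zone.Identifier is the normal download marker.
    param([string]$Path = $env:ProgramData)
    Get-ChildItem -LiteralPath $Path -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            Select-Object FileName, Stream, Length
    }
}

Write-Host '== Services whose executable is missing =='
Get-OrphanedService | Format-Table -AutoSize

Write-Host '== Hidden+system files with random-looking names (ProgramData, AppData\Local) =='
Get-SuspiciousHiddenFile | Format-Table -AutoSize

Write-Host '== Alternate data streams directly under ProgramData =='
Get-AlternateDataStream | Format-Table -AutoSize
```

Each function returns objects rather than text, so the output can be piped to Export-Csv and kept with the other logs from the thread. A hit in any of the three lists is a lead, not a verdict: a missing service binary is often just a sloppy uninstall, and a stream on a folder deserves a look at its contents (Get-Content -Stream) before anything is deleted.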
 
All processes killed
========== OTL ==========
Error: No service named gupdatem) Storitev Posodobitve za Google (gupdatem was found to stop!
Service\Driver key gupdatem) Storitev Posodobitve za Google (gupdatem not found.
Error: No service named gupdate) Google Update Service (gupdate was found to stop!
Service\Driver key gupdate) Google Update Service (gupdate not found.
Registry key HKEY_USERS\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nlb.si\ac\ deleted successfully.
C:\Windows\System32\tmp43F4.tmp deleted successfully.
C:\Windows\System32\tmp4443.tmp deleted successfully.
C:\Windows\System32\tmp58CD.tmp deleted successfully.
C:\Windows\System32\tmp591C.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\w.tmp deleted successfully.
C:\Users\Grega\AppData\Local\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72 moved successfully.
C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72 moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Grega
->Temp folder emptied: 122198822 bytes
->Temporary Internet Files folder emptied: 1224315 bytes
->Java cache emptied: 33708302 bytes
->FireFox cache emptied: 162808709 bytes
->Google Chrome cache emptied: 7904174 bytes
->Flash cache emptied: 1996001 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6274 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 315,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Grega
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09282011_071324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 27
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 