TechSpot

Google redirect every antivirus stopped in process

By gregas
Sep 26, 2011
  1. All antivirus programs stopped in process;
    on restart they get disabled.

    I also have a weird folder structure:
    under the C: folder there is another Computer icon named "32788r22fwjfw"; if I expand that I see a list of all my drives.

    steps 1-6

    Malwarebytes
    - stops in process and shuts down; no logs made

    GMER
    - same as Malwarebytes

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
    Run by Grega at 22:53:48 on 2011-09-26
    Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.2046.1402 [GMT 2:00]
    .
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\2682421377:2122259808.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.si/
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [AdobeBridge]
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smcezc~1.lnk - c:\program files\smc\smc ez connect n wireless utility\UMCCfg.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: mswsock.dll
    Trusted Zone: nlb.si\ac
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} - hxxps://edavki.durs.si/PersonalPortal/[89659]/Controls/ESignDocControls/hslESignDoc2.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C7D442CD-7F57-49F3-BAD6-A8362FA16535} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    mASetup: {B8734410-B119-6850-E407-98713DD90942} - c:\program files\system32\svchost.exe s
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.si
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sl&q=
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - component: c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
    FF - component: c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
    FF - component: c:\users\grega\appdata\roaming\mozilla\firefox\profiles\rxl90lyy.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\vlc\npvlc.dll
    FF - plugin: c:\users\grega\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-26 136360]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-26 66616]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-14 2218600]
    R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-7-15 27992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-25 41272]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480]
    S2 FCI;FCI;c:\windows\system32\fci.exe.exe:ext.exe --> c:\windows\system32\fci.exe.exe:ext.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-9-25 23624]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-09-26 20:36:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-26 20:36:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 20:13:38 -------- d-----w- c:\users\grega\appdata\roaming\Avira
    2011-09-26 20:10:33 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-26 20:10:33 -------- d-----w- c:\programdata\Avira
    2011-09-26 20:10:33 -------- d-----w- c:\program files\Avira
    2011-09-26 17:17:00 -------- d-----w- c:\programdata\AVAST Software
    2011-09-25 19:14:39 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-09-25 19:12:24 48016 --sha-w- c:\windows\system32\c_91971.nl_
    2011-09-25 16:44:33 -------- d-----w- c:\program files\common files\PC Tools
    2011-09-25 16:43:21 -------- d-----w- c:\programdata\PC Tools
    2011-09-25 16:31:19 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-25 16:31:10 -------- d-----w- c:\users\grega\appdata\roaming\Malwarebytes
    2011-09-25 16:31:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-25 16:31:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
    2011-09-25 15:11:50 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-25 15:11:18 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-25 14:05:56 -------- d-----w- c:\windows\system32\SPReview
    2011-09-25 14:04:45 -------- d-----w- c:\windows\system32\EventProviders
    2011-09-11 09:27:11 -------- d--h--w- c:\users\grega\appdata\local\GlobalSCAPE
    2011-09-11 09:27:11 -------- d-----w- c:\programdata\GlobalSCAPE
    2011-09-11 09:27:00 -------- d-----w- c:\program files\GlobalSCAPE
    2011-09-11 09:26:43 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-09-11 09:26:43 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-09-11 09:26:43 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2011-09-11 09:26:43 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-09-11 09:26:42 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2011-09-04 08:45:49 46928 ----a-r- c:\windows\system32\AdobePDF.dll
    2011-09-04 08:45:49 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-09-03 10:43:20 -------- d--h--w- c:\users\grega\appdata\roaming\Moyea
    2011-09-03 08:53:44 -------- d--h--w- c:\users\grega\appdata\roaming\GetRightToGo
    .
    ==================== Find3M ====================
    .
    2011-08-04 07:20:38 103112 ------w- c:\windows\system32\drivers\epfwwfpr.sys
    2011-08-04 07:20:36 118104 ------w- c:\windows\system32\drivers\ehdrv.sys
    2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:30:52 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
    .
    ============= FINISH: 22:54:12,46 ===============

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 23.10.2009 20:02:04
    System Uptime: 26.9.2011 22:35:29 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP43-DS3L
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3420/360mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 54,541 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 119,37 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: adfs
    Device ID: ROOT\LEGACY_ADFS\0000
    Manufacturer:
    Name: adfs
    PNP Device ID: ROOT\LEGACY_ADFS\0000
    Service: adfs
    .
    ==== System Restore Points ===================
    .
    RP218: 25.9.2011 16:04:00 - Windows Update
    RP221: 25.9.2011 19:42:25 - Removed Market Samurai
    RP222: 26.9.2011 19:16:47 - avast! Free Antivirus Setup
    RP223: 26.9.2011 21:08:29 - avast! Free Antivirus Setup
    RP224: 26.9.2011 21:12:21 - avast! Free Antivirus Setup
    RP225: 26.9.2011 21:21:02 - avast! Free Antivirus Setup
    RP226: 26.9.2011 22:18:24 - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    "Nero SoundTrax Help
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.2.0 - CPSID_50026
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Community Help
    Adobe Creative Suite 4 Master Collection
    Adobe Creative Suite 5 Master Collection
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.4.4
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Advertising Center
    Aptana Studio 2.0
    Aptana Studio 3
    µTorrent
    Avira AntiVir Personal - Free Antivirus
    BS.Player FREE
    BufferChm
    C5300
    C5300_NCL_Help
    CuteFTP 8 Home
    Destinations
    DeviceDiscovery
    DolbyFiles
    GnuWin32: Wget-1.11.4-1
    Google Chrome
    Google Gears
    Google Update Helper
    GPBaseService2
    GT Legends
    GTR Evolution
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    IETester v0.4.4 (remove only)
    ImagXpress
    Infix 4.24
    Java(TM) 6 Update 16
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Menu Templates - Starter Kit
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Movie Templates - Starter Kit
    Mozilla Firefox 6.0.2 (x86 sl)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 270.61
    NVIDIA 3D Vision Driver 270.61
    NVIDIA Control Panel 270.61
    NVIDIA Graphics Driver 270.61
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.1.34
    NVIDIA Update Components
    OpenAL
    PDF Settings CS5
    Photoshop Camera Raw
    PowerStrip 3 (remove only)
    PS_AIO_04_C5300_Software_Min
    PxMergeModule
    RaceRoom The Game
    Rapture3D 2.4.4 Game
    Realtek High Definition Audio Driver
    Scan
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.0
    SmartWebPrinting
    SMC EZ Connect N Wireless Utility
    SolutionCenter
    SoundTrax
    Status
    Suite Shared Configuration CS4
    SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
    System Requirements Lab
    Toolbox
    TrayApp
    TweetDeck
    Ubisoft Game Launcher
    UnloadSupport
    VLC media player 1.0.3
    WampServer 2.0
    WebReg
    Windows Media Player Firefox Plugin
    WinRAR
    Zend Optimizer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26.9.2011 22:52:41, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    26.9.2011 22:39:51, Error: Service Control Manager [7000] - The Avira AntiVir Guard service failed to start due to the following error: Access is denied.
    26.9.2011 22:38:13, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    26.9.2011 22:36:11, Error: Service Control Manager [7000] - The FCI service failed to start due to the following error: The system cannot find the file specified.
    26.9.2011 22:36:11, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    26.9.2011 22:31:50, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    26.9.2011 22:31:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    26.9.2011 22:31:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26.9.2011 22:31:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    26.9.2011 22:31:48, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    26.9.2011 22:31:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    26.9.2011 22:31:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    26.9.2011 22:31:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd ssmdrv tdx Wanarpv6 WfpLwf
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26.9.2011 22:31:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    26.9.2011 22:30:49, Error: sptd [4] - Driver detected an internal error in its data structures for .
    26.9.2011 22:25:04, Error: Service Control Manager [7031] - The Avira AntiVir Guard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    26.9.2011 21:55:36, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
    26.9.2011 21:55:25, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    26.9.2011 21:53:18, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    26.9.2011 21:53:18, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    26.9.2011 21:29:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    26.9.2011 21:28:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    26.9.2011 19:08:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    26.9.2011 19:08:14, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    25.9.2011 22:25:25, Error: Service Control Manager [7000] - The wampmysqld service failed to start due to the following error: The system cannot find the file specified.
    25.9.2011 21:10:27, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
    25.9.2011 20:17:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy PCTSD Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    25.9.2011 19:12:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    25.9.2011 19:10:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache PCTSD spldr sptd Wanarpv6
    25.9.2011 18:57:27, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
    25.9.2011 18:57:00, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
    25.9.2011 18:49:16, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 18:47:24, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:13, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:13, Error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:12, Error: Service Control Manager [7034] - The memcached Server service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:11, Error: Service Control Manager [7034] - The wampmysqld service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:09, Error: Service Control Manager [7034] - The wampapache service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:06, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
    25.9.2011 17:29:06, Error: Service Control Manager [7031] - The Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
    25.9.2011 16:53:48, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
    25.9.2011 16:49:04, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    25.9.2011 16:02:18, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    25.9.2011 15:24:06, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: Access is denied.
    25.9.2011 15:24:01, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: Cannot create a file when that file already exists.
    25.9.2011 15:10:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    25.9.2011 14:55:46, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    25.9.2011 14:51:05, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    25.9.2011 13:59:11, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    25.9.2011 13:59:09, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
    25.9.2011 13:31:32, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    25.9.2011 12:58:40, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    19.9.2011 11:34:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    .
    ==== End Of File ===========================

    Please Help, Thanks
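The event-log excerpt above shows the pattern a defender looks for when a machine's security tooling "stops in process": ESET, Malwarebytes and PC Tools services terminate unexpectedly and then fail to start with "Access is denied", while boot-start driver load failures include AV drivers (ehdrv, PCTSD). The following is an added example, not code from the original post or from any tool named in this thread: a small Python triage script that parses lines in the DDS event-log format quoted above and flags watchlisted security components. The watchlist is an assumption of this example (in practice it is built from the products installed on the host); the sample lines are copied from the post above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Line format of the DDS event-log excerpt quoted in the post:
#   "<d.m.yyyy hh:mm:ss>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}\.\d{1,2}\.\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# "The <display name> service ..." as written by the Service Control Manager
SERVICE_NAME_RE = re.compile(r"^The (?P<name>.+?) service ")

# Watchlist of security-product service display names and driver names seen in
# the post. Assumption for this example; build it from the installed products.
SECURITY_SERVICES = {
    "ESET Service", "eamonm", "MBAMService",
    "PC Tools Security Service", "Windows Firewall Authorization Driver",
}
SECURITY_DRIVERS = {"ehdrv", "PCTSD", "mbam"}

# Service Control Manager event IDs used below
EID_START_FAILED = "7000"        # service failed to start
EID_TERMINATED = "7034"          # service terminated unexpectedly
EID_DRIVERS_NOT_LOADED = "7026"  # boot/system-start drivers failed to load


@dataclass
class Finding:
    ts: str
    kind: str      # start_denied | start_failed | terminated | driver_load_failed
    subject: str   # service display name or driver name
    detail: str    # original message text


def parse_event(line):
    """Return the fields of one event line, or None if it is not an event line."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(text):
    """Scan event-log text and return Findings for watchlisted security components."""
    findings = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None or ev["source"] != "Service Control Manager":
            continue
        msg = ev["msg"]
        if ev["eid"] == EID_DRIVERS_NOT_LOADED:
            # The message ends with a space-separated list of driver names
            names = set(msg.partition("failed to load: ")[2].split())
            for drv in sorted(SECURITY_DRIVERS & names):
                findings.append(Finding(ev["ts"], "driver_load_failed", drv, msg))
            continue
        sm = SERVICE_NAME_RE.match(msg)
        if not sm or sm["name"] not in SECURITY_SERVICES:
            continue
        name = sm["name"]
        if ev["eid"] == EID_START_FAILED:
            kind = "start_denied" if "Access is denied" in msg else "start_failed"
            findings.append(Finding(ev["ts"], kind, name, msg))
        elif ev["eid"] == EID_TERMINATED:
            findings.append(Finding(ev["ts"], "terminated", name, msg))
    return findings


def summarize(findings):
    """Map each subject to the sorted list of event kinds seen for it."""
    kinds = defaultdict(set)
    for f in findings:
        kinds[f.subject].add(f.kind)
    return {s: sorted(k) for s, k in kinds.items()}


def tampering_suspects(findings):
    """Subjects that look actively suppressed rather than merely misconfigured:
    a security service refused with 'Access is denied', or one that died and
    then could not be restarted."""
    suspects = []
    for subject, kinds in summarize(findings).items():
        if "start_denied" in kinds or {"terminated", "start_failed"} <= set(kinds):
            suspects.append(subject)
    return sorted(suspects)


# Sample input: lines copied from the event-log excerpt in the post above.
SAMPLE_LOG = """\
26.9.2011 21:53:18, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
25.9.2011 18:57:27, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
25.9.2011 18:57:00, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.
25.9.2011 18:49:16, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 17:29:13, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
25.9.2011 15:24:01, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: Cannot create a file when that file already exists.
25.9.2011 15:10:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
25.9.2011 13:59:09, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.
25.9.2011 12:58:40, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for subject, kinds in summarize(found).items():
        print(f"{subject}: {', '.join(kinds)}")
    print("tampering suspects:", tampering_suspects(found))
```

The split between `start_denied` and `start_failed` is deliberate: "The system cannot find the file specified" or "Cannot create a file when that file already exists" can come from a botched install, but a service that ran yesterday and is now refused with "Access is denied" on every boot is the signature of something holding it down, and a service that both died (7034) and could not be restarted (7000) is ranked the same way.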
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Please download DummyCreator.zip and unzip it.

    • Run the tool.
    • Copy and paste the following into the edit box:

    • C:\Windows\2682421377
    • Press Create button and post the content of the Result.txt.
    Important: Restart the computer.

    Then....

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  3. gregas

    gregas TS Rookie Topic Starter Posts: 26

    DummyCreator by Farbar
    Ran by Grega (administrator) on 27-09-2011 at 15:56:43
    **************************************************************

    C:\Windows\2682421377 [27-09-2011 15:56:43]

    == End of log ==



    restarting....
     
  4. gregas

    gregas TS Rookie Topic Starter Posts: 26

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7600
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8F436000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10686464 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 270.61 )
    0x82E46000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
    0x82E46000 PnpManager 4259840 bytes
    0x82E46000 RAW 4259840 bytes
    0x82E46000 WMIxWDM 4259840 bytes
    0x95E11000 C:\Windows\system32\drivers\RTKVHDA.sys 3182592 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x97300000 Win32k 2408448 bytes
    0x97300000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x89225000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
    0x89008000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x8E88C000 C:\Windows\system32\DRIVERS\ar5416.sys 1040384 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
    0x88C36000 PCI_PNP0683 995328 bytes
    0x88C36000 C:\Windows\System32\Drivers\spit.sys 995328 bytes
    0x88C36000 sptd 995328 bytes
    0x90E39000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
    0x8FE69000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x88F38000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x88ADC000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9EA3E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x9A839000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x88A09000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x88B87000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x9EB00000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
    0x8E176000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x89175000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x8E012000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9A96E000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0x9EB77000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x975B0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x8FF64000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x88E3E000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x88D58000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x90F2F000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x94ECF000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x88A9A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8E115000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x893A8000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x88E00000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x9A90C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8E9AF000 C:\Windows\System32\Drivers\a2en5vy2.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8FF20000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x82E0F000 ACPI_HAL 225280 bytes
    0x82E0F000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x88EE9000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x94E7F000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x89480000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x8E06C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8936E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x9611A000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8943B000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x89137000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x88DB3000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8E832000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0x88D32000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x894C3000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x89200000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x8F400000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x94F31000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
    0x88EBD000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9A8E9000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x89418000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x9EADF000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x8E859000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x89553000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x9EBC6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
    0x8951A000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x8FFBE000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8E0A5000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x97590000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x94F75000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9A947000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8E0D2000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x90F05000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x9A8BE000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x96149000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x8E1DA000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x8E98A000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x8FFDD000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x8E812000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x94E20000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x94F90000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
    0x94E38000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x94E4F000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x895BE000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x9619E000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x94F55000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0x88E9E000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x961C2000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x89162000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x90F85000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8E0EC000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x8E800000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x8E87A000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x9A8D7000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x894B2000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x9618D000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x88F1D000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x94F13000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x88DDD000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x88A81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x90F1F000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x89468000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x90F75000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8E0FF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x88C0B000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8FFAF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x8E1F2000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x8E0C4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x895A4000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x88E90000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x891D2000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x94EB3000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x961F2000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
    0x88C28000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x94EC1000 C:\Windows\system32\DRIVERS\wsimd.sys 57344 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
    0x8E9E8000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x9616C000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x94F24000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
    0x8E9A2000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x94E70000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x9EB6A000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x89574000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8E16A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x89547000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    !!!!!!!!!!!Hidden driver: 0x8940D000 2155373864 45056 bytes
    0x88C00000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
    0x96179000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x961B7000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x961E7000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x961DC000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x89599000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8FFF5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x895D5000 C:\Windows\system32\drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x95E00000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
    0x8FF59000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x88DA8000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x96162000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8E160000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8E156000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x88F2E000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x94E66000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x9EAD5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x8F425000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x88EE0000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x88EB4000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x9EBEB000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x94F6C000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
    0x96184000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x891E0000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x97560000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8939F000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x88D29000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x88A92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x88DEE000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
    0x89478000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80BB8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x88DA0000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x89581000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x89589000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x89591000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x893E7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x89540000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x961D5000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x89539000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x9A962000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x88E89000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8E09E000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x8E10F000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0x9A969000 C:\Windows\system32\drivers\pstrip.sys 20480 bytes (EnTech Taiwan, PowerStrip support NT kernel-mode driver)
    0x9EBE7000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0x8FE67000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 270.61 )
    0x94E7D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x961B5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    !!!!!!!!!!!Hidden driver: 0x8610C140 00000569 3776 bytes
    0x8610C140 unknown_irp_handler 3776 bytes
    0x84E781F8 unknown_irp_handler 3592 bytes
    0x84E761F8 unknown_irp_handler 3592 bytes
    0x8603E1F8 unknown_irp_handler 3592 bytes
    0x84E771F8 unknown_irp_handler 3592 bytes
    0x860F61F8 unknown_irp_handler 3592 bytes
    0x84E741F8 unknown_irp_handler 3592 bytes
    0x863E41F8 unknown_irp_handler 3592 bytes
    0x86183480 unknown_irp_handler 2944 bytes
    0x86079500 unknown_irp_handler 2816 bytes
    0x86171500 unknown_irp_handler 2816 bytes
    0x8780B500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    0x8610FBC1 Unknown page with executable code, 1087 bytes
    0x8610FAF0 Unknown page with executable code, 1296 bytes
    0x8610B9E2 Unknown page with executable code, 1566 bytes
    0x8610D65A Unknown page with executable code, 2470 bytes
    0x8610BEF0 Unknown page with executable code, 272 bytes
    0x8611021B Unknown page with executable code, 3557 bytes
    0x8610D074 Unknown page with executable code, 3980 bytes
    0x894119B5 Unknown thread object [ ETHREAD 0x85D86D48 ] TID: 260, 600 bytes
    0x894119B5 Unknown thread object [ ETHREAD 0x860B6990 ] TID: 264, 600 bytes
    0x86111E95 Unknown thread object [ ETHREAD 0x860DCD48 ] TID: 268, 600 bytes
    0x86111E95 Unknown thread object [ ETHREAD 0x860F2020 ] TID: 272, 600 bytes
    WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
    0x8610FC76 Unknown page with executable code, 906 bytes
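The Rootkit Unhooker report above carries several indicators a defender would pull out of it: two entries marked Hidden driver, a run of unknown_irp_handler entries (dispatch routines the tool could not attribute to any loaded module), Unknown page with executable code and Unknown thread object entries in the Stealth section, sptd.sys locked against reading, and a driver named a2en5vy2.SYS carrying the same description as atapi.sys. As an added example, not code from the original post or from Rootkit Unhooker's authors: a Python parser for this report format that extracts those indicators into a short triage list. The sample excerpt is taken from the report above; the "shared description" heuristic is an assumption of this example and will also match benign pairs, so its hits are prompts for manual review, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Line shapes in an RKU "Report" tab dump as pasted above
DRIVER_RE = re.compile(
    r"^0x(?P<addr>[0-9A-Fa-f]{8}) (?P<name>.+?) (?P<size>\d+) bytes(?: \((?P<info>.*)\))?$"
)
HIDDEN_RE = re.compile(
    r"^!+Hidden driver: 0x(?P<addr>[0-9A-Fa-f]{8}) (?P<name>\S+) (?P<size>\d+) bytes$"
)
STEALTH_RE = re.compile(
    r"^0x(?P<addr>[0-9A-Fa-f]{8}) "
    r"(?P<what>Unknown page with executable code|Unknown thread object.*?), (?P<size>\d+) bytes$"
)
LOCKED_RE = re.compile(r"^WARNING: File locked for read access \[(?P<path>[^\]]+)\]$")


@dataclass
class RkuReport:
    drivers: list = field(default_factory=list)       # (addr, name, size, info or None)
    hidden: list = field(default_factory=list)        # (addr, name, size)
    irp_handlers: list = field(default_factory=list)  # (addr, size)
    stealth: list = field(default_factory=list)       # (addr, what, size)
    locked: list = field(default_factory=list)        # file paths


def parse_rku(text):
    """Parse the Drivers and Stealth sections of an RKU report."""
    rep = RkuReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):            # ">Drivers", ">Stealth"
            section = line[1:]
            continue
        if not line or line.startswith("="):
            continue
        m = HIDDEN_RE.match(line)
        if m:
            rep.hidden.append((m["addr"], m["name"], int(m["size"])))
            continue
        m = LOCKED_RE.match(line)
        if m:
            rep.locked.append(m["path"])
            continue
        if section == "Stealth":
            m = STEALTH_RE.match(line)
            if m:
                rep.stealth.append((m["addr"], m["what"], int(m["size"])))
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue                        # header lines such as "OS Name: ..."
        if m["name"] == "unknown_irp_handler":
            rep.irp_handlers.append((m["addr"], int(m["size"])))
        else:
            rep.drivers.append((m["addr"], m["name"], int(m["size"]), m["info"]))
    return rep


def duplicate_descriptions(rep):
    """Heuristic (assumption of this example): group loaded drivers by the
    description RKU printed after the vendor and return descriptions shared by
    more than one file name. Benign pairs exist, so treat hits as review items."""
    by_desc = {}
    for _addr, name, _size, info in rep.drivers:
        if not info or ", " not in info:
            continue
        desc = info.split(", ", 1)[1].strip()
        base = name.rsplit("\\", 1)[-1]
        by_desc.setdefault(desc, set()).add(base)
    return {d: sorted(n) for d, n in by_desc.items() if len(n) > 1}


def triage_rku(rep):
    """Turn the parsed report into a list of human-readable review items."""
    out = []
    for addr, name, size in rep.hidden:
        out.append(f"hidden driver at 0x{addr} ({name}, {size} bytes)")
    if rep.irp_handlers:
        out.append(f"{len(rep.irp_handlers)} IRP dispatch handler(s) not attributable to a loaded module")
    pages = [s for s in rep.stealth if s[1].startswith("Unknown page")]
    threads = [s for s in rep.stealth if s[1].startswith("Unknown thread")]
    if pages:
        out.append(f"{len(pages)} page(s) of executable code outside any known module")
    if threads:
        out.append(f"{len(threads)} kernel thread(s) running from unknown code")
    for path in rep.locked:
        out.append(f"file locked against read access: {path}")
    for desc, names in duplicate_descriptions(rep).items():
        out.append(f"description '{desc}' shared by {', '.join(names)}")
    return out


# Sample input: an excerpt of the report posted above.
SAMPLE_REPORT = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x82E46000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E46000 PnpManager 4259840 bytes
0x8E9AF000 C:\Windows\System32\Drivers\a2en5vy2.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
!!!!!!!!!!!Hidden driver: 0x8940D000 2155373864 45056 bytes
0x88EB4000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x96184000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
!!!!!!!!!!!Hidden driver: 0x8610C140 00000569 3776 bytes
0x8610C140 unknown_irp_handler 3776 bytes
0x84E781F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
0x8610FBC1 Unknown page with executable code, 1087 bytes
0x894119B5 Unknown thread object [ ETHREAD 0x85D86D48 ] TID: 260, 600 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x8610FC76 Unknown page with executable code, 906 bytes
"""

if __name__ == "__main__":
    for item in triage_rku(parse_rku(SAMPLE_REPORT)):
        print("-", item)
```

Note that the hidden driver at 0x8610C140 and the first unknown_irp_handler share an address, and the Stealth section's unknown code pages all sit in the 0x8610B000 to 0x86110000 range of the same hidden module: the parser keeps the addresses so that this kind of cross-section correlation can be done on the structured data rather than by eye.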
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. gregas

    gregas TS Rookie Topic Starter Posts: 26

    19:08:46.0594 3660 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
    19:08:46.0692 3660 ============================================================
    19:08:46.0692 3660 Current date / time: 2011/09/27 19:08:46.0692
    19:08:46.0692 3660 SystemInfo:
    19:08:46.0692 3660
    19:08:46.0693 3660 OS Version: 6.1.7600 ServicePack: 0.0
    19:08:46.0693 3660 Product type: Workstation
    19:08:46.0693 3660 ComputerName: GREGA-PC
    19:08:46.0693 3660 UserName: Grega
    19:08:46.0693 3660 Windows directory: C:\Windows
    19:08:46.0693 3660 System windows directory: C:\Windows
    19:08:46.0693 3660 Processor architecture: Intel x86
    19:08:46.0693 3660 Number of processors: 2
    19:08:46.0693 3660 Page size: 0x1000
    19:08:46.0693 3660 Boot type: Normal boot
    19:08:46.0693 3660 ============================================================
    19:08:48.0572 3660 Initialize success
    19:08:59.0123 1808 ============================================================
    19:08:59.0123 1808 Scan started
    19:08:59.0123 1808 Mode: Manual;
    19:08:59.0123 1808 ============================================================
    19:09:10.0538 1808 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    19:09:10.0539 1808 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    19:09:10.0540 1808 sptd ( LockedFile.Multi.Generic ) - warning
    19:09:10.0540 1808 sptd - detected LockedFile.Multi.Generic (1)
    19:09:11.0157 1808 tdx (27f5ed7d8070693b390b5c4f60cfa99b) C:\Windows\system32\DRIVERS\tdx.sys
    19:09:11.0159 1808 tdx ( Rootkit.Win32.ZAccess.e ) - infected
    19:09:11.0159 1808 tdx - detected Rootkit.Win32.ZAccess.e (0)
    19:09:12.0811 1808 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    19:09:12.0812 1808 WfpLwf - ok
    19:09:12.0821 1808 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    19:09:12.0822 1808 WIMMount - ok
    19:09:12.0856 1808 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    19:09:12.0857 1808 WmiAcpi - ok
    19:09:12.0885 1808 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    19:09:12.0886 1808 ws2ifsl - ok
    19:09:12.0924 1808 WSIMD (ebedf91c32fe60c724402e6f44ca3152) C:\Windows\system32\DRIVERS\wsimd.sys
    19:09:12.0925 1808 WSIMD - ok
    19:09:12.0943 1808 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    19:09:12.0945 1808 WudfPf - ok
    19:09:12.0977 1808 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:09:12.0980 1808 WUDFRd - ok
    19:09:12.0995 1808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    19:09:13.0064 1808 \Device\Harddisk1\DR1 - ok
    19:09:13.0080 1808 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    19:09:13.0126 1808 \Device\Harddisk0\DR0 - ok
    19:09:13.0129 1808 Boot (0x1200) (4b580a8783aa04094a21b822feced6da) \Device\Harddisk1\DR1\Partition0
    19:09:13.0129 1808 \Device\Harddisk1\DR1\Partition0 - ok
    19:09:13.0157 1808 Boot (0x1200) (85009d2d4acff0df80eba952532da860) \Device\Harddisk0\DR0\Partition0
    19:09:13.0158 1808 \Device\Harddisk0\DR0\Partition0 - ok
    19:09:13.0158 1808 ============================================================
    19:09:13.0158 1808 Scan finished
    19:09:13.0158 1808 ============================================================
    19:09:13.0163 3788 Detected object count: 2
    19:09:13.0163 3788 Actual detected object count: 2
    19:09:57.0523 3788 sptd ( LockedFile.Multi.Generic ) - skipped by user
    19:09:57.0523 3788 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    19:09:57.0676 3788 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
    19:10:00.0240 3788 Backup copy found, using it..
    19:10:00.0266 3788 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
    19:10:00.0266 3788 tdx ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
    19:10:06.0198 2920 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Post new RKUnhooker log.
     
  8. gregas

    gregas TS Rookie Topic Starter Posts: 26

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7600
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8F40A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10686464 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 270.61 )
    0x82E3A000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
    0x82E3A000 PnpManager 4259840 bytes
    0x82E3A000 RAW 4259840 bytes
    0x82E3A000 WMIxWDM 4259840 bytes
    0x95E24000 C:\Windows\system32\drivers\RTKVHDA.sys 3182592 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x82130000 Win32k 2408448 bytes
    0x82130000 C:\Windows\System32\win32k.sys 2408448 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x89287000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
    0x89003000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x90236000 C:\Windows\system32\DRIVERS\ar5416.sys 1040384 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
    0x88C84000 PCI_PNP9691 995328 bytes
    0x88C84000 sptd 995328 bytes
    0x88C84000 C:\Windows\System32\Drivers\spwp.sys 995328 bytes
    0x91C1C000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
    0x8FE3D000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x88F44000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x88AE2000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9CE89000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x91D7B000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x88A0F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x88C05000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x9CF4B000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
    0x8E389000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x89170000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x8E225000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9D089000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0x9D03A000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x82000000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x8FF38000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x88E4A000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x88DA6000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x91D12000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x94EBA000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x88AA0000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8E328000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x8941E000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x89224000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x9CE27000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x9037B000 C:\Windows\System32\Drivers\a5lhdaif.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8FEF4000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x82E03000 ACPI_HAL 225280 bytes
    0x82E03000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x88EF5000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x94E6A000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x894AA000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x8E27F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x88E00000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x9612D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x89465000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x89132000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x88BAE000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x893D9000 C:\Windows\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0x88D80000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x894ED000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x89262000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x8FFB1000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x94F1C000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
    0x88EC9000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x94FBF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x90200000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x9CF2A000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x89200000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8957D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x9D0DB000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
    0x89544000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x8FF92000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8E2B8000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x823C0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x94F62000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9CE62000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8E2E5000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x91CE8000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x94F94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x9615C000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x8E200000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x90356000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x9033E000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x903D3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x8FFD6000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x94F7D000 C:\Windows\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
    0x891E4000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x94E3A000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x895DC000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x961B1000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x94F40000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0x88B8D000 C:\Windows\system32\drivers\19069628.sys 90112 bytes
    0x88EAA000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x961D5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x8915D000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x91D68000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8E2FF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x903C1000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x89400000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x94FAD000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x894DC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x96196000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x88F29000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x94EFE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x88BD8000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x88A87000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x91D02000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x89492000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x91D58000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8E312000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x88E3A000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8FF83000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x8E3ED000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x8E2D7000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x895CE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x88E9C000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x891CD000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x94E9E000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x95E00000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
    0x88C76000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x94EAC000 C:\Windows\system32\DRIVERS\wsimd.sys 57344 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
    0x903B4000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x96175000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x94F0F000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
    0x9036E000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x94E5B000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x9CFB5000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8959E000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    !!!!!!!!!!!Hidden driver: 0x91C00000 .dfsc 49152 bytes
    0x8E37D000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x89571000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    !!!!!!!!!!!Hidden driver: 0x9D114000 2570484744 45056 bytes
    0x88BE9000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
    0x96182000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x961CA000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x94F57000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x961EF000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x895C3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x903EB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x895F3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x95E0E000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
    0x8FF2D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x88BA3000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x961A7000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8E373000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8E369000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x88F3A000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x94E51000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x9CF20000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x90334000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x88EEC000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x88EC0000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x9D12E000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x95E19000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
    0x9618D000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x891DB000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x82390000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x893D0000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x88D77000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x88A98000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x88DF6000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
    0x894A2000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80B9A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x88DEE000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x895AB000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x895B3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x895BB000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8945D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8956A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x961E8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x89563000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x9CE7D000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x88E95000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8E2B1000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x8E322000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0x9CE84000 C:\Windows\system32\drivers\pstrip.sys 20480 bytes (EnTech Taiwan, PowerStrip support NT kernel-mode driver)
    0x9D12A000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0x8FE3B000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 270.61 )
    0x94E68000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x961C8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0x884CF140 unknown_irp_handler 3776 bytes
    0x84E771F8 unknown_irp_handler 3592 bytes
    0x863521F8 unknown_irp_handler 3592 bytes
    0x8608F1F8 unknown_irp_handler 3592 bytes
    0x84E751F8 unknown_irp_handler 3592 bytes
    0x84E761F8 unknown_irp_handler 3592 bytes
    0x861591F8 unknown_irp_handler 3592 bytes
    0x84E731F8 unknown_irp_handler 3592 bytes
    0x8850A1F8 unknown_irp_handler 3592 bytes
    0x8704D500 unknown_irp_handler 2816 bytes
    0x860ED500 unknown_irp_handler 2816 bytes
    0x86128500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
    0x884D4E95 Unknown thread object [ ETHREAD 0x8851E408 ] TID: 1836, 600 bytes
    0x884D4E95 Unknown thread object [ ETHREAD 0x88514020 ] TID: 1840, 600 bytes
    0x9D1189B5 Unknown thread object [ ETHREAD 0x8882A878 ] TID: 2836, 600 bytes
    0x9D1189B5 Unknown thread object [ ETHREAD 0x8882AD48 ] TID: 2840, 600 bytes
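The RkUnhooker listing above buries the few entries that matter (the two lines RkU marks as hidden drivers, the numerically named 19069628.sys with no vendor information) among a few hundred ordinary modules. The script below is an added triage example for this kind of listing; it is not RkUnhooker's code and not part of anyone's post in the thread. It assumes the one-module-per-line format seen above (load address, module name or path, size, optional vendor/description in parentheses, optionally prefixed by RkU's hidden-driver marker), uses an excerpt copied from the log as its input with known-good lines kept as controls, and treats the dump_*.sys crash-dump copies as expected noise, which is a heuristic assumption of the script rather than something the log states.

```python
"""Triage helper for an RkUnhooker (RkU) ">Drivers" listing.

Added example for this thread; it is not RkUnhooker's own code and not part
of the original post. Each RkU line is parsed as:
    <load address> <module name or path> <size> bytes [(vendor, description)]
optionally prefixed by RkU's own "!!!Hidden driver: " marker.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

_LINE = re.compile(
    r"^(?P<hidden>!+Hidden driver: )?"
    r"(?P<addr>0x[0-9A-Fa-f]+) "
    r"(?P<name>.+?) "
    r"(?P<size>\d+) bytes"
    r"(?: \((?P<info>.*)\))?\s*$"
)


@dataclass
class Module:
    addr: int
    name: str            # file path, or a bare kernel object name such as PnpManager
    size: int
    info: Optional[str]  # "(vendor, description)" contents, None when RkU printed none
    hidden: bool         # True when RkU itself marked the line as a hidden driver
    reasons: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.name.rsplit("\\", 1)[-1]

    @property
    def on_disk(self) -> bool:
        # RkU prints a full path only for images it could resolve to a file.
        return "\\" in self.name


def parse_line(line: str) -> Optional[Module]:
    """Parse one RkU module line; returns None for separators and headers."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Module(int(m["addr"], 16), m["name"], int(m["size"]),
                  m["info"], m["hidden"] is not None)


def assess(mod: Module) -> Module:
    """Attach the reasons a responder would want to look at this module."""
    stem = mod.basename.rsplit(".", 1)[0]
    if mod.hidden:
        mod.reasons.append("reported by RkU as a hidden driver")
    if stem.isdigit():
        # Legitimate drivers carry descriptive names; a purely numeric name
        # (19069628.sys, 2570484744) is a generated name, not a product name.
        mod.reasons.append("purely numeric file name")
    if mod.on_disk and mod.info is None and not mod.basename.lower().startswith("dump_"):
        # On-disk image with no version resource. The dump_*.sys entries are
        # crash-dump copies of storage drivers; assumed here to be expected
        # noise rather than a finding (heuristic, not something RkU states).
        mod.reasons.append("no vendor/description version info")
    return mod


def triage(log_text: str) -> List[Module]:
    """Return flagged modules, hidden ones first, then by number of reasons."""
    flagged = [mod for mod in map(parse_line, log_text.splitlines())
               if mod is not None and assess(mod).reasons]
    flagged.sort(key=lambda m: (not m.hidden, -len(m.reasons), m.addr))
    return flagged


# Excerpt copied from the RkU log in the thread; benign lines kept as controls.
SAMPLE_LOG = r"""
0x82E3A000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E3A000 PnpManager 4259840 bytes
0x9612D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88B8D000 C:\Windows\system32\drivers\19069628.sys 90112 bytes
0x96196000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
!!!!!!!!!!!Hidden driver: 0x91C00000 .dfsc 49152 bytes
!!!!!!!!!!!Hidden driver: 0x9D114000 2570484744 45056 bytes
0x884CF140 unknown_irp_handler 3776 bytes
"""

if __name__ == "__main__":
    for mod in triage(SAMPLE_LOG):
        print(f"0x{mod.addr:08X} {mod.name}: " + "; ".join(mod.reasons))
```

Run against the excerpt it reports the two hidden entries first and then 19069628.sys, and stays silent on the kernel aliases, the unknown_irp_handler stubs and the dump_ copies. Feeding it the full ">Drivers" section pasted from a log gives the same short list, which is the part of such a listing worth reading closely.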
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. gregas

    gregas TS Rookie Topic Starter Posts: 26

    I started the aswMBR scan ... it found something, then aswMBR closed right after that.
    I didn't take any more steps after that.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Proceed with Combofix.
     
  12. gregas

    gregas TS Rookie Topic Starter Posts: 26

    I already have combofix.
    When I download a new one it gets renamed to combofix(1).
    I can't delete or rename the old combofix - I get a file access denied warning - you need permission to perform this action.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Run new one for now.
     
  14. gregas

    gregas TS Rookie Topic Starter Posts: 26

    Combofix finished the scan, restarted the computer and has now been pending for 10 minutes with the message "please wait a few seconds for the report log to pop up..."
    No file is created in C:\
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Give it more time.
     
  16. gregas

    gregas TS Rookie Topic Starter Posts: 26

    ComboFix 11-09-27.01 - Grega 27.09.2011 19:57:10.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.2046.1383 [GMT 2:00]
    Running from: c:\users\Grega\Desktop\ComboFixs.exe
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\system32
    c:\users\Grega\AppData\Roaming\addons.dat
    c:\users\Grega\AppData\Roaming\chrtmp
    c:\windows\$NtUninstallKB40160$
    c:\windows\$NtUninstallKB40160$\2172707487\@
    c:\windows\$NtUninstallKB40160$\2172707487\L\xadqgnnk
    c:\windows\$NtUninstallKB40160$\2172707487\loader.tlb
    c:\windows\$NtUninstallKB40160$\2172707487\U\@00000001
    c:\windows\$NtUninstallKB40160$\2172707487\U\@000000c0
    c:\windows\$NtUninstallKB40160$\2172707487\U\@000000cb
    c:\windows\$NtUninstallKB40160$\2172707487\U\@000000cf
    c:\windows\$NtUninstallKB40160$\2172707487\U\@80000000
    c:\windows\$NtUninstallKB40160$\2172707487\U\@800000c0
    c:\windows\$NtUninstallKB40160$\2172707487\U\@800000cb
    c:\windows\$NtUninstallKB40160$\2172707487\U\@800000cf
    c:\windows\$NtUninstallKB40160$\2723305629
    c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    c:\windows\2682421377
    c:\windows\system32\
    c:\windows\system32\c_91971.nls
    c:\windows\system32\fci.exe.exe
    C:\z.tmp
    .
    Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys
    .
    Infected copy of c:\program files\Avira\AntiVir Desktop\sched.exe was found and disinfected
    Restored copy from - c:\combofixs\HarddiskVolumeShadowCopy7_!Program Files!Avira!AntiVir Desktop!sched.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_8180e29f
    -------\Service_FCI
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-27 18:13 . 2011-09-27 18:16 -------- d-----w- c:\users\Grega\AppData\Local\temp
    2011-09-27 18:13 . 2011-09-27 18:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-09-27 18:13 . 2011-09-27 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-26 20:36 . 2011-09-26 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 20:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-26 20:13 . 2011-09-26 20:13 -------- d-----w- c:\users\Grega\AppData\Roaming\Avira
    2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\programdata\Avira
    2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\program files\Avira
    2011-09-26 20:10 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-09-26 20:10 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-26 17:17 . 2011-09-26 20:19 -------- d-----w- c:\programdata\AVAST Software
    2011-09-25 19:12 . 2011-09-27 17:11 48016 --sha-w- c:\windows\system32\c_91971.nl_
    2011-09-25 16:44 . 2011-09-26 19:10 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-09-25 16:43 . 2011-09-26 19:07 -------- d-----w- c:\programdata\PC Tools
    2011-09-25 16:31 . 2011-09-26 20:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\users\Grega\AppData\Roaming\Malwarebytes
    2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-25 15:11 . 2011-09-25 19:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-25 15:11 . 2011-09-25 15:29 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-25 14:05 . 2011-09-25 14:05 -------- d-----w- c:\windows\system32\SPReview
    2011-09-25 14:04 . 2011-09-25 14:04 -------- d-----w- c:\windows\system32\EventProviders
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-27 17:11 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2011-08-04 07:20 . 2011-08-04 07:20 103112 ------w- c:\windows\system32\drivers\epfwwfpr.sys
    2011-08-04 07:20 . 2011-08-04 07:20 118104 ------w- c:\windows\system32\drivers\ehdrv.sys
    2011-07-22 04:56 . 2011-08-10 06:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-20 07:44 . 2011-07-30 02:47 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C611B442-1F65-41B7-BEFB-11D5AD91A86A}\mpengine.dll
    2011-07-16 04:37 . 2011-08-10 06:45 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-16 04:34 . 2011-08-10 06:45 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:31 . 2011-08-10 06:45 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:30 . 2011-08-24 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:26 . 2011-08-10 06:45 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-09-07 17:35 . 2011-03-24 06:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    [-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SMC EZ Connect N Wireless Utility.lnk - c:\program files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe [2009-10-23 1998848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Grega^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
    path=c:\users\Grega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
    backup=c:\windows\pss\PowerStrip.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2009-10-02 21:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2009-10-03 02:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-17 19:23 136176 ---hatw- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2010-09-03 08:15 9726568 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-23 21:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-09-25 23624]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-02 691696]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001Core.job
    - c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
    .
    2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001UA.job
    - c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.si/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: nlb.si\ac
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.si
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sl&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
    SafeBoot-04494917.sys
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3136)
    c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\WinRAR\rarext.dll
    c:\program files\Avira\AntiVir Desktop\shlext.dll
    c:\program files\Notepad++\NppShell_01.dll
    c:\program files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
    c:\windows\system32\syncui.dll
    c:\windows\system32\SYNCENG.dll
    c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
    c:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Mozilla Firefox\firefox.exe
    c:\program files\Mozilla Firefox\plugin-container.exe
    c:\windows\system32\AUDIODG.EXE
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-27 20:42:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-27 18:42
    .
    Pre-Run: 81.126.244.352 bytes free
    Post-Run: 226.973.810.688 bytes free
    .
    - - End Of File - - 8AF47106500342B076C714BDF51462A8
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {CB0F8167-5331-BA19-698E-64816B6801A5}
    {706E6083-750B-B597-533E-5FF310EF4B18}
    
    
    File::
    c:\windows\system32\c_91971.nl_
    
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
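    The FCopy line in the script above replaces the System32 user32.dll that the log's Sigcheck section marked [-] with a WinSxS copy. As an added example that is not part of this thread or of ComboFix, the following Python script parses a ComboFix Sigcheck section and reports any live system file whose MD5 differs from the WinSxS copy of the same version (the "same size, different hash" pattern of an in-place patched DLL). SAMPLE_SIGCHECK contains the three Sigcheck lines quoted from the log in post #16; CLEAN_SIGCHECK is a constructed clean counterpart; the line layout is inferred from that log.

```python
"""Flag a system file whose hash differs from its WinSxS copy in a ComboFix Sigcheck
section. Added example, not ComboFix's own code; the line format is inferred from the
log quoted in this thread."""
import re
from dataclasses import dataclass
from typing import List

# Sigcheck line layout as seen in the log: "[flag] date . MD5 . size . . [version] . . path"
_SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Three Sigcheck lines quoted from the ComboFix log in post #16 above.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Constructed clean counterpart: the live copy carries the same MD5 as its WinSxS twin.
CLEAN_SIGCHECK = r"""
------- Sigcheck -------
.
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
"""


@dataclass
class SigcheckEntry:
    flag: str        # "7" = verified by ComboFix, "-" = could not be verified
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        # WinSxS holds the component store copies ComboFix compares against.
        return "\\winsxs\\" in self.path.lower()


@dataclass
class Finding:
    live_path: str
    version: str
    live_md5: str
    reference_md5: str
    reference_path: str


def parse_sigcheck(log_text: str) -> List[SigcheckEntry]:
    """Return the entries of the Sigcheck section; stops at the next ((( section header."""
    entries: List[SigcheckEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("(((("):
            break
        m = _SIGCHECK_RE.match(line)
        if m:
            entries.append(SigcheckEntry(m["flag"], m["date"], m["md5"].upper(),
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def find_patched(log_text: str) -> List[Finding]:
    """Pair each non-WinSxS file with the WinSxS copy of the same name and version
    and report it when the hashes differ (first differing reference wins)."""
    entries = parse_sigcheck(log_text)
    findings: List[Finding] = []
    for live in entries:
        if live.in_winsxs:
            continue
        for ref in entries:
            if ref.in_winsxs and ref.name == live.name and ref.version == live.version:
                if ref.md5 != live.md5:
                    findings.append(Finding(live.path, live.version, live.md5, ref.md5, ref.path))
                    break
    return findings


if __name__ == "__main__":
    for f in find_patched(SAMPLE_SIGCHECK):
        print(f"{f.live_path} [{f.version}] md5 {f.live_md5} != WinSxS {f.reference_md5}")
        print(f"  known-good copy: {f.reference_path}")
    print("clean sample findings:", find_patched(CLEAN_SIGCHECK))
```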
  18. gregas

    gregas TS Rookie Topic Starter Posts: 26

    ComboFix 11-09-27.01 - Grega 27.09.2011 22:11:03.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1250.386.1033.18.2046.1361 [GMT 2:00]
    Running from: c:\users\Grega\Desktop\ComboFixs.exe
    Command switches used :: c:\users\Grega\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\c_91971.nl_"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\c_91971.nl_
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-27 20:21 . 2011-09-27 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-09-27 20:21 . 2011-09-27 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-27 18:13 . 2011-09-27 20:21 -------- d-----w- c:\users\Grega\AppData\Local\temp
    2011-09-27 17:50 . 2011-09-27 18:42 -------- d-----w- C:\ComboFixs
    2011-09-26 20:36 . 2011-09-26 20:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-26 20:36 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-26 20:13 . 2011-09-26 20:13 -------- d-----w- c:\users\Grega\AppData\Roaming\Avira
    2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\programdata\Avira
    2011-09-26 20:10 . 2011-09-26 20:10 -------- d-----w- c:\program files\Avira
    2011-09-26 20:10 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-09-26 20:10 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-09-26 17:17 . 2011-09-26 20:19 -------- d-----w- c:\programdata\AVAST Software
    2011-09-25 16:44 . 2011-09-26 19:10 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-09-25 16:43 . 2011-09-26 19:07 -------- d-----w- c:\programdata\PC Tools
    2011-09-25 16:31 . 2011-09-26 20:37 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\users\Grega\AppData\Roaming\Malwarebytes
    2011-09-25 16:31 . 2011-09-25 16:31 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-25 15:11 . 2011-09-25 19:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-09-25 15:11 . 2011-09-25 15:29 -------- d-----w- c:\programdata\Hitman Pro
    2011-09-25 14:05 . 2011-09-25 14:05 -------- d-----w- c:\windows\system32\SPReview
    2011-09-25 14:04 . 2011-09-25 14:04 -------- d-----w- c:\windows\system32\EventProviders
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-27 17:11 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2011-08-04 07:20 . 2011-08-04 07:20 103112 ------w- c:\windows\system32\drivers\epfwwfpr.sys
    2011-08-04 07:20 . 2011-08-04 07:20 118104 ------w- c:\windows\system32\drivers\ehdrv.sys
    2011-07-22 04:56 . 2011-08-10 06:45 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-20 07:44 . 2011-07-30 02:47 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C611B442-1F65-41B7-BEFB-11D5AD91A86A}\mpengine.dll
    2011-07-16 04:37 . 2011-08-10 06:45 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-16 04:34 . 2011-08-10 06:45 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:31 . 2011-08-10 06:45 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:19 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 06:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 04:30 . 2011-08-24 08:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-07-09 02:26 . 2011-08-10 06:45 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-09-07 17:35 . 2011-03-24 06:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
    2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
    2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SMC EZ Connect N Wireless Utility.lnk - c:\program files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe [2009-10-23 1998848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Grega^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
    path=c:\users\Grega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
    backup=c:\windows\pss\PowerStrip.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2009-10-02 21:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2009-10-03 02:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-17 19:23 136176 ----atw- c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2010-09-03 08:15 9726568 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-23 21:30 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-09-25 23624]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-02 691696]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
    S2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001Core.job
    - c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
    .
    2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001UA.job
    - c:\users\Grega\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 19:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.si/
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: nlb.si\ac
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.si
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=sl&q=
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-09-27 22:23:14
    ComboFix-quarantined-files.txt 2011-09-27 20:23
    ComboFix2.txt 2011-09-27 18:42
    .
    Pre-Run: 227.011.088.384 bytes free
    Post-Run: 226.719.793.152 bytes free
    .
    - - End Of File - - 524FC4FF95532E2A3E255D19FA5AB514
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. gregas

    gregas TS Rookie Topic Starter Posts: 26

I still can't enable the antivirus (Avira).
That strange folder structure is fixed.


    OTL logfile created on: 28.9.2011 6:24:47 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Grega\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,33% Memory free
    4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298,08 Gb Total Space | 211,19 Gb Free Space | 70,85% Space Free | Partition Type: NTFS
    Drive D: | 149,05 Gb Total Space | 119,37 Gb Free Space | 80,09% Space Free | Partition Type: NTFS

    Computer Name: GREGA-PC | User Name: Grega | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.09.28 06:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
    PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2006.08.03 10:59:06 | 001,998,848 | ---- | M] () -- C:\Program Files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2006.08.03 10:59:06 | 001,998,848 | ---- | M] () -- C:\Program Files\SMC\SMC EZ Connect N Wireless Utility\UMCCfg.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
    SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Storitev Posodobitve za Google (gupdatem)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
    SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService)
    SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011.07.21 12:12:16 | 000,269,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010.05.24 23:13:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011.09.25 21:10:13 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011.07.21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011.07.21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009.11.02 13:02:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009.09.29 12:56:32 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2007.07.15 04:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pstrip.sys -- (PStrip)
    DRV - [2006.08.28 18:52:10 | 001,036,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ar5416.sys -- (AR5416)
    DRV - [2006.07.20 07:00:10 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wsimd.sys -- (WSIMD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
    IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sl
    IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 D5 1D 5B 74 C0 CA 01 [binary data]
    IE - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.si"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
    FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
    FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
    FF - prefs.js..extensions.enabledItems: {6dfc4f52-26f0-4e5f-89c7-31d6de480db9}:0.2.0.20080521
    FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.6
    FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
    FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
    FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
    FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:2.0.0.20
    FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
    FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
    FF - prefs.js..extensions.enabledItems: {8BCA0E8A-E57B-425b-A05B-CD3868EB577E}:0.2
    FF - prefs.js..extensions.enabledItems: firequery@binaryage.com:0.9
    FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=sl&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Grega\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Grega\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.11.30 18:15:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:18:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.04.30 12:10:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 19:35:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.06 16:03:01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.11.30 18:15:33 | 000,000,000 | ---D | M]

    [2009.10.23 21:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grega\AppData\Roaming\Mozilla\Extensions
    [2011.09.27 19:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions
    [2011.09.27 19:38:55 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2011.01.02 18:55:16 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    [2011.01.06 22:22:49 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2011.03.22 23:18:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2009.10.27 13:11:36 | 000,000,000 | ---D | M] ("lori (Life-of-request info)") -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{6dfc4f52-26f0-4e5f-89c7-31d6de480db9}
    [2010.09.26 12:03:11 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
    [2010.04.20 22:33:11 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
    [2011.03.10 19:28:24 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2011.08.16 01:21:24 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011.03.20 13:30:51 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Grega\AppData\Roaming\Mozilla\Firefox\Profiles\rxl90lyy.default\extensions\screencaptureelite@plugin
    [2011.03.24 08:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\{563E4790-7E70-11DA-A72B-0800200C9A66}.XPI
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\FIREQUERY@BINARYAGE.COM.XPI
    () (No name found) -- C:\USERS\GREGA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXL90LYY.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
    [2011.09.07 19:35:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010.01.01 10:00:00 | 000,010,799 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ceneji.xml
    [2010.01.01 10:00:00 | 000,001,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\najdi-si.xml
    [2010.01.01 10:00:00 | 000,003,584 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\odpiralni.xml
    [2010.01.01 10:00:00 | 000,006,155 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2010.01.01 10:00:00 | 000,001,328 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sl.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\Application\14.0.835.186\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
    CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11337_0\
    CHR - Extension: Gilt for Chrome = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\iocebbchlphdehmmkhjimmhaefolfpoh\0.8.1_0\
    CHR - Extension: Skype Extension = C:\Users\Grega\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6778_0\

    O1 HOSTS File: ([2011.09.27 22:21:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\..Trusted Domains: nlb.si ([ac] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CC4271BF-1582-4FD4-81CD-9AE877B17644} https://edavki.durs.si/PersonalPortal/[89659]/Controls/ESignDocControls/hslESignDoc2.cab (ESignDoc2 Object)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7D442CD-7F57-49F3-BAD6-A8362FA16535}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009.03.03 19:06:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.CSCD - camcodec.dll File not found
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.IPJ2 - jp2avi.dll File not found
    Drivers32: vidc.LAGS - lagarith.dll File not found
    Drivers32: vidc.VP40 - vp4vfw.dll File not found
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP70 - vp7vfw.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.09.28 06:22:04 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
    [2011.09.27 22:23:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011.09.27 22:23:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011.09.27 20:13:53 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Local\temp
    [2011.09.27 19:50:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011.09.27 19:50:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011.09.27 19:50:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011.09.27 19:50:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011.09.27 19:50:53 | 000,000,000 | ---D | C] -- C:\ComboFixs
    [2011.09.27 19:42:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011.09.27 19:36:42 | 004,230,516 | R--- | C] (Swearware) -- C:\Users\Grega\Desktop\ComboFixs.exe
    [2011.09.27 19:08:13 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Grega\Desktop\tdsskiller.exe
    [2011.09.27 15:54:29 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\DummyCreator
    [2011.09.26 22:53:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Grega\Desktop\dds.scr
    [2011.09.26 22:36:52 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011.09.26 22:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011.09.26 22:13:38 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\Avira
    [2011.09.26 22:11:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300(1).exe
    [2011.09.26 22:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011.09.26 22:10:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011.09.26 22:10:33 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011.09.26 22:10:33 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011.09.26 22:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011.09.26 22:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011.09.26 19:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011.09.25 20:13:19 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300.exe
    [2011.09.25 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011.09.25 18:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011.09.25 18:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011.09.25 18:31:19 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.09.25 18:31:10 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\Malwarebytes
    [2011.09.25 18:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011.09.25 18:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1
    [2011.09.25 17:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011.09.25 17:11:02 | 006,394,688 | ---- | C] (SurfRight B.V.) -- C:\Users\Grega\Desktop\HitmanPro35.exe
    [2011.09.25 16:05:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011.09.25 16:04:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011.09.25 12:40:16 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\backup_sasopagma6663com2511_info_1109251149.xml
    [2011.09.23 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\pogodba
    [2011.09.19 22:42:04 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\jquery-mousewheel-3.0.4
    [2011.09.19 22:27:47 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\scroll
    [2011.09.17 13:06:08 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\phplist-2.10.16
    [2011.09.14 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\SloDanes
    [2011.09.11 11:27:11 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\GlobalSCAPE
    [2011.09.11 11:27:11 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Local\GlobalSCAPE
    [2011.09.11 11:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GlobalSCAPE
    [2011.09.11 11:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobalSCAPE
    [2011.09.11 11:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
    [2011.09.11 11:26:03 | 000,000,000 | ---D | C] -- C:\Users\Grega\Documents\Downloads
    [2011.09.10 15:39:09 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\backup-sat-sep-10-04_04_06-2011
    [2011.09.03 12:43:20 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\Moyea
    [2011.09.03 10:53:44 | 000,000,000 | ---D | C] -- C:\Users\Grega\AppData\Roaming\GetRightToGo
    [2011.09.03 10:32:35 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\SoYouGotWasted
    [2011.09.01 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\SayWhatWhenFail
    [2011.08.30 18:08:21 | 000,000,000 | ---D | C] -- C:\Users\Grega\Desktop\FAIL_IMG
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011.09.28 06:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
    [2011.09.28 06:15:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011.09.28 06:15:41 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011.09.27 23:51:02 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011.09.27 23:51:02 | 000,014,224 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011.09.27 23:15:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001UA.job
    [2011.09.27 22:21:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011.09.27 19:37:00 | 004,230,516 | R--- | M] (Swearware) -- C:\Users\Grega\Desktop\ComboFixs.exe
    [2011.09.27 19:27:09 | 001,916,416 | ---- | M] () -- C:\Users\Grega\Desktop\aswMBR.exe
    [2011.09.27 19:08:27 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Grega\Desktop\tdsskiller.exe
    [2011.09.27 16:02:25 | 000,139,264 | ---- | M] () -- C:\Users\Grega\Desktop\RKUnhookerLE.EXE
    [2011.09.27 15:54:08 | 000,455,503 | ---- | M] () -- C:\Users\Grega\Desktop\DummyCreator.zip
    [2011.09.26 22:53:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Grega\Desktop\dds.scr
    [2011.09.26 22:49:17 | 000,302,592 | ---- | M] () -- C:\Users\Grega\Desktop\6no6n5rd.exe
    [2011.09.26 22:37:39 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011.09.26 22:11:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300(1).exe
    [2011.09.26 22:10:51 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011.09.26 22:09:36 | 067,889,832 | ---- | M] () -- C:\Users\Grega\Desktop\avira_antivir_personal_en.exe
    [2011.09.26 21:29:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011.09.26 19:16:13 | 058,948,168 | ---- | M] () -- C:\Users\Grega\Desktop\setup_av_free.exe
    [2011.09.25 21:21:38 | 074,138,000 | ---- | M] () -- C:\Users\Grega\Desktop\msert.exe
    [2011.09.25 21:10:13 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011.09.25 21:08:33 | 000,000,486 | ---- | M] () -- C:\Windows\System32\.crusader
    [2011.09.25 20:46:05 | 016,913,411 | ---- | M] () -- C:\Users\Grega\Desktop\WampServer 2.0g.rar
    [2011.09.25 20:13:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300.exe
    [2011.09.25 19:04:02 | 004,223,304 | R--- | M] () -- C:\Users\Grega\Desktop\ComboFix.exe
    [2011.09.25 18:45:31 | 001,473,042 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011.09.25 18:40:17 | 001,008,092 | ---- | M] () -- C:\Users\Grega\Desktop\rkill.com
    [2011.09.25 17:11:10 | 006,394,688 | ---- | M] (SurfRight B.V.) -- C:\Users\Grega\Desktop\HitmanPro35.exe
    [2011.09.25 16:12:50 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011.09.25 16:12:50 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011.09.25 13:09:44 | 000,001,107 | ---- | M] () -- C:\Users\Grega\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011.09.25 09:15:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877162705-2736592578-1845153819-1001Core.job
    [2011.09.23 22:50:04 | 000,001,680 | ---- | M] () -- C:\Users\Grega\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011.09.23 21:23:58 | 000,000,132 | ---- | M] () -- C:\Users\Grega\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011.09.20 23:38:32 | 000,000,118 | ---- | M] () -- C:\Users\Grega\Desktop\backgroundView.png
    [2011.09.20 23:38:17 | 000,000,118 | ---- | M] () -- C:\Users\Grega\Desktop\backgroundPage.png
    [2011.09.19 22:27:38 | 000,001,423 | ---- | M] () -- C:\Users\Grega\Desktop\jquery.jscrollpane.css
    [2011.09.19 10:41:06 | 000,015,231 | ---- | M] () -- C:\Users\Grega\Desktop\btn-buy.png
    [2011.09.18 19:16:06 | 000,483,361 | ---- | M] () -- C:\Users\Grega\Desktop\whiteboard.zip
    [2011.09.18 18:50:22 | 003,981,530 | ---- | M] () -- C:\Users\Grega\Desktop\wordpress-3.2.1.zip
    [2011.09.17 22:45:35 | 000,696,848 | ---- | M] () -- C:\Users\Grega\Desktop\PHPlist-Platinum-Mailer-BrentwoodWebDesign.zip
    [2011.09.15 08:06:54 | 003,795,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011.09.12 17:51:21 | 000,907,931 | ---- | M] () -- C:\Users\Grega\Desktop\jquery.flippage_v0.5.zip
    [2011.09.07 19:35:28 | 000,002,002 | ---- | M] () -- C:\Users\Grega\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011.09.06 13:58:26 | 046,249,416 | ---- | M] () -- C:\Windows\System32\MRT.exe
    [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========
     
  21. gregas

    gregas TS Rookie Topic Starter Posts: 26

    [2011.09.27 19:50:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011.09.27 19:50:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011.09.27 19:50:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011.09.27 19:50:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011.09.27 19:50:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011.09.27 19:26:39 | 001,916,416 | ---- | C] () -- C:\Users\Grega\Desktop\aswMBR.exe
    [2011.09.27 16:02:25 | 000,139,264 | ---- | C] () -- C:\Users\Grega\Desktop\RKUnhookerLE.EXE
    [2011.09.27 15:54:02 | 000,455,503 | ---- | C] () -- C:\Users\Grega\Desktop\DummyCreator.zip
    [2011.09.26 22:49:16 | 000,302,592 | ---- | C] () -- C:\Users\Grega\Desktop\6no6n5rd.exe
    [2011.09.26 22:10:51 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011.09.26 22:08:35 | 067,889,832 | ---- | C] () -- C:\Users\Grega\Desktop\avira_antivir_personal_en.exe
    [2011.09.26 19:15:16 | 058,948,168 | ---- | C] () -- C:\Users\Grega\Desktop\setup_av_free.exe
    [2011.09.25 21:59:49 | 000,000,495 | ---- | C] () -- C:\Users\Grega\Desktop\arrows-dark.png
    [2011.09.25 21:18:02 | 074,138,000 | ---- | C] () -- C:\Users\Grega\Desktop\msert.exe
    [2011.09.25 20:45:21 | 016,913,411 | ---- | C] () -- C:\Users\Grega\Desktop\WampServer 2.0g.rar
    [2011.09.25 19:03:54 | 004,223,304 | R--- | C] () -- C:\Users\Grega\Desktop\ComboFix.exe
    [2011.09.25 18:44:47 | 001,473,042 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011.09.25 18:40:13 | 001,008,092 | ---- | C] () -- C:\Users\Grega\Desktop\rkill.com
    [2011.09.25 17:29:14 | 000,000,486 | ---- | C] () -- C:\Windows\System32\.crusader
    [2011.09.25 17:11:50 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2011.09.25 13:09:44 | 000,001,107 | ---- | C] () -- C:\Users\Grega\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2011.09.23 21:19:21 | 000,000,132 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011.09.20 23:38:31 | 000,000,118 | ---- | C] () -- C:\Users\Grega\Desktop\backgroundView.png
    [2011.09.20 23:38:14 | 000,000,118 | ---- | C] () -- C:\Users\Grega\Desktop\backgroundPage.png
    [2011.09.19 22:27:37 | 000,001,423 | ---- | C] () -- C:\Users\Grega\Desktop\jquery.jscrollpane.css
    [2011.09.19 10:41:06 | 000,015,231 | ---- | C] () -- C:\Users\Grega\Desktop\btn-buy.png
    [2011.09.18 19:16:01 | 000,483,361 | ---- | C] () -- C:\Users\Grega\Desktop\whiteboard.zip
    [2011.09.18 18:50:04 | 003,981,530 | ---- | C] () -- C:\Users\Grega\Desktop\wordpress-3.2.1.zip
    [2011.09.17 22:45:25 | 000,696,848 | ---- | C] () -- C:\Users\Grega\Desktop\PHPlist-Platinum-Mailer-BrentwoodWebDesign.zip
    [2011.09.12 17:51:19 | 000,907,931 | ---- | C] () -- C:\Users\Grega\Desktop\jquery.flippage_v0.5.zip
    [2011.08.31 19:02:16 | 018,957,782 | ---- | C] () -- C:\Users\Grega\Desktop\phpList 2 E-mail Campaign Manager.pdf
    [2011.05.14 18:50:20 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
    [2011.05.14 18:50:20 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
    [2011.05.14 18:49:32 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2011.05.01 18:44:37 | 000,001,680 | ---- | C] () -- C:\Users\Grega\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\Users\Grega\AppData\Local\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
    [2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
    [2010.11.08 22:02:05 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010.08.23 18:25:55 | 000,150,184 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010.03.15 22:41:58 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2009.12.21 22:16:21 | 000,009,895 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.bko
    [2009.12.12 12:32:39 | 000,007,623 | ---- | C] () -- C:\Users\Grega\AppData\Local\resmon.resmoncfg
    [2009.12.12 12:29:15 | 000,009,865 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.bk!
    [2009.12.12 12:29:12 | 000,009,849 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.bak
    [2009.12.12 10:51:58 | 000,009,770 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\PStrip.ini
    [2009.12.12 10:49:16 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
    [2009.11.30 18:11:19 | 000,164,913 | ---- | C] () -- C:\Windows\hpoins32.dat
    [2009.11.30 18:11:19 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
    [2009.11.19 12:56:30 | 000,000,678 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
    [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009.11.02 11:47:46 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009.10.24 15:55:29 | 000,000,218 | ---- | C] () -- C:\Users\Grega\AppData\Roaming\default.rss
    [2009.10.14 11:57:47 | 046,249,416 | ---- | C] () -- C:\Windows\System32\MRT.exe
    [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009.07.14 06:33:53 | 003,795,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009.07.14 04:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009.07.14 04:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009.07.14 01:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe
    [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2010.04.02 18:21:41 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\BSplayer
    [2009.11.19 12:52:17 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\BSplayer Pro
    [2011.08.06 21:58:12 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009.11.02 13:06:00 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\DAEMON Tools Lite
    [2011.05.15 16:47:50 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Emergency Soft
    [2011.08.17 23:21:55 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\FireShot
    [2011.09.11 11:27:20 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\GetRightToGo
    [2011.09.11 11:27:11 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\GlobalSCAPE
    [2010.11.01 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Iceni
    [2009.10.23 20:53:55 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\K-Meleon
    [2011.05.15 17:16:49 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Microsys
    [2011.09.03 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Moyea
    [2010.08.10 02:14:52 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Notepad++
    [2011.04.30 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2009.10.28 21:47:09 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\Subversion
    [2011.05.14 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\SystemRequirementsLab
    [2011.03.03 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2011.09.25 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\Grega\AppData\Roaming\uTorrent
    [2011.08.16 18:26:34 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009.10.24 05:58:24 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011.09.27 22:23:15 | 000,014,496 | ---- | M] () -- C:\ComboFix.txt
    [2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011.06.15 22:02:20 | 000,017,925 | ---- | M] () -- C:\gb.exe
    [2011.09.28 06:15:41 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
    [2008.11.12 21:19:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008.11.12 21:19:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011.09.28 06:15:44 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
    [2011.09.27 19:10:06 | 000,079,074 | ---- | M] () -- C:\TDSSKiller.2.6.2.0_27.09.2011_19.08.46_log.txt
    [2009.10.23 20:04:51 | 000,171,136 | RHS- | M] () -- C:\w7ldr
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009.07.14 03:15:26 | 000,307,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw72.dll
    [2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009.10.23 20:07:17 | 000,000,221 | -HS- | M] () -- C:\Users\Grega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011.09.26 22:49:17 | 000,302,592 | ---- | M] () -- C:\Users\Grega\Desktop\6no6n5rd.exe
    [2011.09.27 19:27:09 | 001,916,416 | ---- | M] () -- C:\Users\Grega\Desktop\aswMBR.exe
    [2011.09.26 22:09:36 | 067,889,832 | ---- | M] () -- C:\Users\Grega\Desktop\avira_antivir_personal_en.exe
    [2011.09.25 19:04:02 | 004,223,304 | R--- | M] () -- C:\Users\Grega\Desktop\ComboFix.exe
    [2011.09.27 19:37:00 | 004,230,516 | R--- | M] (Swearware) -- C:\Users\Grega\Desktop\ComboFixs.exe
    [2011.09.25 17:11:10 | 006,394,688 | ---- | M] (SurfRight B.V.) -- C:\Users\Grega\Desktop\HitmanPro35.exe
    [2011.09.26 22:11:44 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300(1).exe
    [2011.09.25 20:13:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Grega\Desktop\mbam-setup-1.51.2.1300.exe
    [2011.09.25 21:21:38 | 074,138,000 | ---- | M] () -- C:\Users\Grega\Desktop\msert.exe
    [2011.09.28 06:22:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Grega\Desktop\OTL.exe
    [2011.09.27 16:02:25 | 000,139,264 | ---- | M] () -- C:\Users\Grega\Desktop\RKUnhookerLE.EXE
    [2011.09.26 19:16:13 | 058,948,168 | ---- | M] () -- C:\Users\Grega\Desktop\setup_av_free.exe
    [2011.09.27 19:08:27 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Grega\Desktop\tdsskiller.exe
    [2011.09.25 17:14:55 | 014,507,464 | ---- | M] (Microsoft Corporation) -- C:\Users\Grega\Desktop\windows-kb890830-v4.0.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009.06.10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011.05.15 00:00:04 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011.05.14 18:25:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011.05.14 18:25:36 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010.08.10 16:02:02 | 000,000,402 | -HS- | M] () -- C:\Users\Grega\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011.04.24 12:16:24 | 000,014,248 | -HS- | M] () -- C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
    [2009.11.30 18:16:43 | 000,001,118 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  22. gregas

    gregas TS Rookie Topic Starter Posts: 26

    OTL Extras logfile created on: 28.9.2011 6:24:47 - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Grega\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

    2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,33% Memory free
    4,00 Gb Paging File | 3,22 Gb Available in Paging File | 80,55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298,08 Gb Total Space | 211,19 Gb Free Space | 70,85% Space Free | Partition Type: NTFS
    Drive D: | 149,05 Gb Total Space | 119,37 Gb Free Space | 80,09% Space Free | Partition Type: NTFS

    Computer Name: GREGA-PC | User Name: Grega | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .js [@ = jsfile] -- Reg Error: Value error. File not found

    [HKEY_USERS\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1"
    jsfile [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{095FC6D2-DF7E-40C1-B4AF-FFB3EC472BEB}" = C5300
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11466e1d-a869-4a5e-87b2-b3da58cd4c47}" = Nero 9
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{38C6E781-7B8B-4DCD-AEAD-98256F282FD8}" = SMC EZ Connect N Wireless Utility
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}" = Zend Optimizer
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{567C4A87-9029-4001-ACF1-CFC0717EC1A0}" = PS_AIO_04_C5300_Software_Min
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}" = HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA0FE8DB-61C4-4098-9553-C842D3986DD2}" = C5300_NCL_Help
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.24
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Aptana Studio 2.0" = Aptana Studio 2.0
    "Aptana Studio 3" = Aptana Studio 3
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BSPlayerf" = BS.Player FREE
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GT Legends_is1" = GT Legends
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "IETester" = IETester v0.4.4 (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 6.0.2 (x86 sl)" = Mozilla Firefox 6.0.2 (x86 sl)
    "Notepad++" = Notepad++
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
    "RaceRoom The Game_is1" = RaceRoom The Game
    "Shop for HP Supplies" = Shop for HP Supplies
    "SystemRequirementsLab" = System Requirements Lab
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.3
    "WampServer 2_is1" = WampServer 2.0
    "Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
    "WinRAR" = WinRAR

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 27.9.2011 16:57:31 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x8c0 Faulting application
    start time: 0x01cc7d581304c58c Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 50b5a5e5-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:31 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xf94 Faulting application
    start time: 0x01cc7d581310d3a9 Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 50cc1469-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:31 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x938 Faulting application
    start time: 0x01cc7d5813271b1c Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 50d7ad54-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x70c Faulting application
    start time: 0x01cc7d5813328cf7 Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 50e31f2f-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xdac Faulting application
    start time: 0x01cc7d58133dfed2 Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 50ee910a-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xa24 Faulting application
    start time: 0x01cc7d581349bece Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 50fa02e5-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x980 Faulting application
    start time: 0x01cc7d581354e288 Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 51054daf-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x7cc Faulting application
    start time: 0x01cc7d5813602d52 Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 5110bf8a-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0x4f0 Faulting application
    start time: 0x01cc7d58136cd7b2 Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 511d69ea-e94b-11e0-b611-0013f7618452

    Error - 27.9.2011 16:57:32 | Computer Name = Grega-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bcb44 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x75ff70a9 Faulting process id: 0xf48 Faulting application
    start time: 0x01cc7d58137897ae Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting
    module path: unknown Report Id: 5133d86e-e94b-11e0-b611-0013f7618452

    [ System Events ]
    Error - 27.9.2011 14:18:04 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%5

    Error - 27.9.2011 16:10:45 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27.9.2011 16:18:26 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27.9.2011 16:21:20 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27.9.2011 17:50:20 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The wampmysqld service failed to start due to the following error:
    %%2

    Error - 28.9.2011 0:16:07 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The Avira AntiVir Scheduler service failed to start due to the following
    error: %%2

    Error - 28.9.2011 0:16:08 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The adfs service failed to start due to the following error: %%2

    Error - 28.9.2011 0:16:08 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The Avira AntiVir Guard service failed to start due to the following
    error: %%5

    Error - 28.9.2011 0:18:15 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%2

    Error - 28.9.2011 0:18:15 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%5


    < End of report >
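The findings a helper reads off this Extras log by eye are mechanical enough to script: `EnableFirewall = 0` under every `FirewallPolicy\*Profile` key, non-zero `*Override` values under `Security Center\Svc`, the `@Alternate Data Stream` lines, and Service Control Manager event 7000 entries whose `%%N` suffix is a Win32 error code (`%%5` is ERROR_ACCESS_DENIED, `%%2` is ERROR_FILE_NOT_FOUND; a security product that fails with access denied while unrelated services fail with file-not-found is worth a closer look at the service key and binary ACLs). The following is an added example, not code from the thread, from OTL or from its author; the sample input is an excerpt constructed from the log in this post, and the function and field names are the example's own.

```python
import re

# Win32 error codes that Service Control Manager event 7000 prints as %%N.
SCM_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND: the service binary is gone or its ImagePath is wrong",
    5: "ERROR_ACCESS_DENIED: the service key or binary ACL no longer lets SCM start it",
}

FIREWALL_KEY_RE = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess"
    r"\\Parameters\\FirewallPolicy\\(\w+Profile)$")
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(-?\d+)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
EVENT_HDR_RE = re.compile(r"^Error - .*\| Source = (.+?) \| ID = (\d+)$")
SVC_FAIL_RE = re.compile(
    r"The (.+?) service failed to start due to the following error: %%(\d+)")

# Constructed excerpt of an OTL Extras log (lines taken from the post above).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DefaultInboundAction" = 1

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

[ System Events ]
Error - 28.9.2011 0:16:08 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
error: %%5

Error - 28.9.2011 0:18:15 | Computer Name = Grega-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2
"""


def parse_extras_log(text):
    """Walk an OTL Extras log and return a list of finding dicts."""
    findings = []
    current_key = None
    lines = [l.strip() for l in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        i += 1
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]      # registry key header, e.g. [HKEY_...]
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append({"kind": "alternate_data_stream",
                             "detail": m.group(2), "bytes": int(m.group(1))})
            continue
        m = EVENT_HDR_RE.match(line)
        if m:
            # An event entry continues on the following lines up to a blank line.
            body = []
            while i < len(lines) and lines[i]:
                body.append(lines[i])
                i += 1
            if m.group(1) == "Service Control Manager" and m.group(2) == "7000":
                f = SVC_FAIL_RE.search(" ".join(body))
                if f:
                    code = int(f.group(2))
                    findings.append({"kind": "service_start_failed",
                                     "detail": f.group(1), "code": code,
                                     "meaning": SCM_ERRORS.get(code, "Win32 error %d" % code)})
            continue
        m = VALUE_RE.match(line)
        if not (m and current_key):
            continue
        name, value = m.group(1), int(m.group(2))
        fw = FIREWALL_KEY_RE.search(current_key)
        if fw and name == "EnableFirewall" and value == 0:
            findings.append({"kind": "firewall_disabled", "detail": fw.group(1)})
        elif (current_key.endswith(r"\Security Center\Svc")
              and name.endswith("Override") and value != 0):
            findings.append({"kind": "security_center_override", "detail": name})
    return findings


def access_denied_services(findings):
    """Names of services SCM could not start because of ERROR_ACCESS_DENIED (%%5)."""
    return [f["detail"] for f in findings
            if f["kind"] == "service_start_failed" and f["code"] == 5]


if __name__ == "__main__":
    for f in parse_extras_log(SAMPLE):
        print(f)
```

The parser only ever reads the log; it does not touch the host. Run it over the full Extras log text to get a short list instead of 500 lines, then confirm the firewall and ADS findings on the machine itself before acting on them.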
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I suggest you reinstall Avira.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) Storitev Posodobitve za Google (gupdatem)
      SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
      O15 - HKU\S-1-5-21-1877162705-2736592578-1845153819-1001\..Trusted Domains: nlb.si ([ac] https in Trusted sites)
      [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\*.tmp files -> C:\*.tmp -> ]
      [2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\Users\Grega\AppData\Local\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
      [2011.04.24 12:05:01 | 000,014,248 | -HS- | C] () -- C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  24. gregas

    gregas TS Rookie Topic Starter Posts: 26

    All processes killed
    ========== OTL ==========
    Error: No service named gupdatem) Storitev Posodobitve za Google (gupdatem was found to stop!
    Service\Driver key gupdatem) Storitev Posodobitve za Google (gupdatem not found.
    Error: No service named gupdate) Google Update Service (gupdate was found to stop!
    Service\Driver key gupdate) Google Update Service (gupdate not found.
    Registry key HKEY_USERS\S-1-5-21-1877162705-2736592578-1845153819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\nlb.si\ac\ deleted successfully.
    C:\Windows\System32\tmp43F4.tmp deleted successfully.
    C:\Windows\System32\tmp4443.tmp deleted successfully.
    C:\Windows\System32\tmp58CD.tmp deleted successfully.
    C:\Windows\System32\tmp591C.tmp deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\w.tmp deleted successfully.
    C:\Users\Grega\AppData\Local\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72 moved successfully.
    C:\ProgramData\24i7851j8d6d4u43agcq3bpyk6bp4265btif5y72 moved successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Grega
    ->Temp folder emptied: 122198822 bytes
    ->Temporary Internet Files folder emptied: 1224315 bytes
    ->Java cache emptied: 33708302 bytes
    ->FireFox cache emptied: 162808709 bytes
    ->Google Chrome cache emptied: 7904174 bytes
    ->Flash cache emptied: 1996001 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6274 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 315,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Grega
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 09282011_071324

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  25. gregas

    gregas TS Rookie Topic Starter Posts: 26

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.3.181.26
    Adobe Reader 9.4.4
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
