TechSpot

PUM.Disabled. Security Center

Solved
By dzsuli
Oct 7, 2012
  1. I ran the Malwarebytes Anti-Malware program because my keyboard was locked and I thought it had to be a virus, but I eventually noticed that the Ctrl key was stuck.
    When I restarted my computer, a red balloon was telling me that my computer may be at risk, that automatic Windows updates are turned off.
    I don't know what to do next. Please help me.

    Thank you for your time.


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.06.05

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 7.0.5730.13
    Administrator :: ACER-88C919EA93 [administrator]

    06.10.2012 22:36:02
    mbam-log-2012-10-06 (22-36-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 192143
    Time elapsed: 1 hour(s), 43 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-07 19:39:40
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST3160215ACE rev.3.CKA
    Running: fbb6ris6.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgncqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB696D932]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB696D79D]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6A16966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 89BD71E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 89BD71E8
    Device \Driver\atapi \Device\Ide\IdePort1 89BD71E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 89BD71E8
    Device \Driver\atg9gbom \Device\Scsi\atg9gbom1 899BB1E8
    Device \Driver\atg9gbom \Device\Scsi\atg9gbom1Port3Path0Target0Lun0 899BB1E8
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 89C061E8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
    Run by Administrator at 20:13:37 on 2012-10-07
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.983 [GMT 3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ro/
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Auralog.TMMToolbar.IEToolbarEngineForDialogMode.ShowToolbarBHO: {48a9e944-94ec-4ce9-b23f-65c5c8c1e7b0} - mscoree.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {86a3cdaa-9b25-480e-b73f-c2d359b87966} - No File
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    TB: TELL ME MORE Toolbar: {142640dd-26df-42b6-ae10-6690633d3abe} - mscoree.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge]
    uRun: [PicPick Start] c:\program files\picpick\picpick.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: Interfaces\{35FA86E1-0A8C-49F2-8DB7-8953A4DA1CAC} : DhcpNameServer = 169.254.100.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\9h4apeb4.default\
    FF - prefs.js: browser.startup.homepage - www.startlap.hu
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-24 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-24 355632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-24 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-24 44808]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 114144]
    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2012-2-23 18004]
    .
    =============== Created Last 30 ================
    .
    2012-10-06 19:35:14 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2012-10-06 19:35:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-10-06 19:35:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-06 19:35:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-26 15:38:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-09-15 17:41:47 442368 ----a-r- c:\windows\system32\vp6vfw.dll
    2012-09-15 13:30:06 -------- d-----w- c:\program files\DAEMON Tools Lite
    2012-09-15 13:17:49 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-09-15 13:17:18 -------- d-----w- c:\documents and settings\administrator\application data\DAEMON Tools Lite
    2012-09-15 13:11:06 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
    .
    ==================== Find3M ====================
    .
    2012-08-27 07:34:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-27 07:34:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
    .
    ============= FINISH: 20:13:48,87 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24.02.2012 09:49:53
    System Uptime: 07.10.2012 16:50:54 (4 hours ago)
    .
    Motherboard: Acer | | EM61SM/EM61PM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 20 GiB total, 12,524 GiB free.
    D: is FIXED (NTFS) - 130 GiB total, 29,822 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    4300
    4300_Help
    4300Trb
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.4)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AiO_Scan_CDA
    AiOSoftwareNPI
    avast! Free Antivirus
    BS.Player PRO
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Connect
    DAEMON Tools Lite
    Destination Component
    DocProc
    DocProcQFolder
    eSupportQFolder
    Fax_CDA
    Free YouTube Download version 3.0.22.221
    Free YouTube to MP3 Converter version 3.10.15.1228
    HP Imaging Device Functions 11.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Scanjet G3110 11.5
    HP Solution Center 7.0
    hpg3110
    hpg3110QFolder
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevicesMFC
    Java Auto Updater
    Java(TM) 6 Update 31
    kuler
    LightScribe 1.4.124.1
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Nero 7 Essentials
    NewCopy_CDA
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    PanoStandAlone
    PDF Settings CS4
    PhotoFiltre
    PhotoScape
    Photoshop Camera Raw
    Picasa 3
    PicPick
    ProductContextNPI
    Readme
    Realtek High Definition Audio Driver
    Scan
    ScannerCopy
    Seterra 4.02
    Skype Click to Call
    Skype™ 5.10
    Software Update for Web Folders
    SolutionCenter
    Status
    Suite Shared Configuration CS4
    swMSM
    TELL ME MORE Toolbar
    Toolbox
    Total Commander (Remove or Repair)
    TrayApp
    Unload
    uTorrentControl2 Toolbar
    VLC media player 1.1.9
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    WinRAR archiver
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07.10.2012 19:44:18, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    03.10.2012 20:28:28, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03.10.2012 20:27:58, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
    03.10.2012 20:27:28, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    .
    ==== End Of File ===========================


    I may sound stupid, but I don't know how to get OTL.txt and Extras.txt.
  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I didn't ask for those logs yet.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    22:57:23.0308 3728 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    22:57:23.0542 3728 ============================================================
    22:57:23.0542 3728 Current date / time: 2012/10/07 22:57:23.0542
    22:57:23.0542 3728 SystemInfo:
    22:57:23.0542 3728
    22:57:23.0542 3728 OS Version: 5.1.2600 ServicePack: 2.0
    22:57:23.0542 3728 Product type: Workstation
    22:57:23.0542 3728 ComputerName: ACER-88C919EA93
    22:57:23.0542 3728 UserName: Administrator
    22:57:23.0542 3728 Windows directory: C:\WINDOWS
    22:57:23.0542 3728 System windows directory: C:\WINDOWS
    22:57:23.0542 3728 Processor architecture: Intel x86
    22:57:23.0542 3728 Number of processors: 2
    22:57:23.0542 3728 Page size: 0x1000
    22:57:23.0542 3728 Boot type: Normal boot
    22:57:23.0542 3728 ============================================================
    22:57:24.0699 3728 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:57:24.0792 3728 ============================================================
    22:57:24.0792 3728 \Device\Harddisk0\DR0:
    22:57:24.0808 3728 MBR partitions:
    22:57:24.0808 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
    22:57:24.0824 3728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B
    22:57:24.0824 3728 ============================================================
    22:57:24.0886 3728 C: <-> \Device\Harddisk0\DR0\Partition1
    22:57:25.0058 3728 D: <-> \Device\Harddisk0\DR0\Partition2
    22:57:25.0058 3728 ============================================================
    22:57:25.0058 3728 Initialize success
    22:57:25.0058 3728 ============================================================
    22:58:54.0027 4072 ============================================================
    22:58:54.0027 4072 Scan started
    22:58:54.0027 4072 Mode: Manual;
    22:58:54.0027 4072 ============================================================
    22:58:54.0464 4072 ================ Scan system memory ========================
    22:58:54.0464 4072 System memory - ok
    22:58:54.0464 4072 ================ Scan services =============================
    22:58:58.0792 4072 HTTPFilter - ok
    22:58:58.0808 4072 i2omgmt - ok
    22:58:58.0808 4072 i2omp - ok
    22:58:58.0839 4072 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:58:58.0839 4072 i8042prt - ok
    22:58:58.0902 4072 [ 12C59B8929121ACE2F55ACC86682CF12 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:58:58.0902 4072 Imapi - ok
    22:58:58.0917 4072 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
    22:58:58.0933 4072 ImapiService - ok
    22:58:58.0933 4072 ini910u - ok
    22:58:59.0074 4072 [ 3000E98F519CF6FDA669BAE8E47F7B4F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    22:58:59.0105 4072 IntcAzAudAddService - ok
    22:58:59.0105 4072 IntelIde - ok
    22:58:59.0152 4072 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    22:58:59.0152 4072 Ip6Fw - ok
    22:58:59.0199 4072 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:58:59.0199 4072 IpFilterDriver - ok
    22:58:59.0245 4072 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:58:59.0261 4072 IpInIp - ok
    22:58:59.0277 4072 [ 472C75F85E631F8AA87D21C9FEE6238D ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:58:59.0292 4072 IpNat - ok
    22:58:59.0339 4072 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:58:59.0355 4072 IPSec - ok
    22:58:59.0402 4072 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:58:59.0402 4072 IRENUM - ok
    22:58:59.0417 4072 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:58:59.0417 4072 isapnp - ok
    22:58:59.0574 4072 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    22:58:59.0605 4072 JavaQuickStarterService - ok
    22:58:59.0652 4072 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:58:59.0652 4072 Kbdclass - ok
    22:58:59.0652 4072 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    22:58:59.0652 4072 kbdhid - ok
    22:58:59.0683 4072 [ 8531438246CE9474E41EE1599904C0C7 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    22:58:59.0683 4072 kmixer - ok
    22:58:59.0730 4072 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    22:58:59.0745 4072 KSecDD - ok
    22:58:59.0792 4072 [ 76B15AC51A74BE936EA86EA6E08817CF ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    22:58:59.0808 4072 lanmanserver - ok
    22:58:59.0855 4072 [ 2299B1933CD9207630A00676E390F32F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    22:58:59.0886 4072 lanmanworkstation - ok
    22:58:59.0886 4072 lbrtfdc - ok
    22:58:59.0995 4072 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    22:59:00.0011 4072 LightScribeService - ok
    22:59:00.0058 4072 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    22:59:00.0074 4072 LmHosts - ok
    22:59:00.0089 4072 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    22:59:00.0105 4072 Messenger - ok
    22:59:00.0152 4072 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    22:59:00.0152 4072 mnmdd - ok
    22:59:00.0199 4072 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    22:59:00.0214 4072 mnmsrvc - ok
    22:59:00.0261 4072 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    22:59:00.0261 4072 Modem - ok
    22:59:00.0277 4072 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:59:00.0277 4072 Mouclass - ok
    22:59:00.0339 4072 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    22:59:00.0339 4072 MountMgr - ok
    22:59:00.0402 4072 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    22:59:00.0417 4072 MozillaMaintenance - ok
    22:59:00.0417 4072 mraid35x - ok
    22:59:00.0464 4072 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:59:00.0480 4072 MRxDAV - ok
    22:59:00.0495 4072 [ 321FE492903D8A07F79B7099D71FF578 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:59:00.0527 4072 MRxSmb - ok
    22:59:00.0574 4072 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    22:59:00.0589 4072 MSDTC - ok
    22:59:00.0636 4072 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    22:59:00.0636 4072 Msfs - ok
    22:59:00.0636 4072 MSIServer - ok
    22:59:00.0683 4072 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:59:00.0683 4072 MSKSSRV - ok
    22:59:00.0699 4072 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:59:00.0714 4072 MSPCLOCK - ok
    22:59:00.0714 4072 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    22:59:00.0714 4072 MSPQM - ok
    22:59:00.0761 4072 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:59:00.0761 4072 mssmbios - ok
    22:59:00.0824 4072 [ A1DD45CDCD2BF8C57A9A0493C09B00B3 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    22:59:00.0839 4072 Mup - ok
    22:59:01.0011 4072 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    22:59:01.0042 4072 NBService - ok
    22:59:01.0089 4072 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    22:59:01.0120 4072 NDIS - ok
    22:59:01.0261 4072 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:59:01.0261 4072 NdisTapi - ok
    22:59:01.0308 4072 [ 77D9BF86B912104C229D4F0D25BE3C12 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:59:01.0308 4072 Ndisuio - ok
    22:59:01.0324 4072 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:59:01.0339 4072 NdisWan - ok
    22:59:01.0402 4072 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    22:59:01.0402 4072 NDProxy - ok
    22:59:01.0449 4072 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:59:01.0449 4072 NetBIOS - ok
    22:59:01.0464 4072 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:59:01.0495 4072 NetBT - ok
    22:59:01.0542 4072 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
    22:59:01.0558 4072 NetDDE - ok
    22:59:01.0574 4072 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    22:59:01.0574 4072 NetDDEdsdm - ok
    22:59:01.0605 4072 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
    22:59:01.0636 4072 Netlogon - ok
    22:59:01.0683 4072 [ 3516D8A18B36784B1005B950B84232E1 ] Netman C:\WINDOWS\System32\netman.dll
    22:59:01.0699 4072 Netman - ok
    22:59:01.0745 4072 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    22:59:01.0745 4072 NIC1394 - ok
    22:59:01.0808 4072 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
    22:59:01.0824 4072 Nla - ok
    22:59:01.0995 4072 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    22:59:02.0011 4072 NMIndexingService - ok
    22:59:02.0058 4072 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    22:59:02.0058 4072 Npfs - ok
    22:59:02.0136 4072 [ 52723E766051AC8F0B70491AD91F0079 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    22:59:02.0152 4072 Ntfs - ok
    22:59:02.0167 4072 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    22:59:02.0167 4072 NtLmSsp - ok
    22:59:02.0230 4072 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    22:59:02.0245 4072 NtmsSvc - ok
    22:59:02.0292 4072 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    22:59:02.0292 4072 Null - ok
    22:59:02.0417 4072 [ B19C2AAE0922072FF4A467F2A37620AD ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    22:59:02.0511 4072 nv - ok
    22:59:02.0558 4072 [ 9ECCD189A9554C30A0D18A429778C7BA ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
    22:59:02.0574 4072 nvata - ok
    22:59:02.0636 4072 [ 9F40402087B6D4A428571DD6CA83AC1E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    22:59:02.0652 4072 NVSvc - ok
    22:59:02.0699 4072 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:59:02.0699 4072 NwlnkFlt - ok
    22:59:02.0714 4072 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:59:02.0714 4072 NwlnkFwd - ok
    22:59:02.0777 4072 [ FC128C3D7D5AD30A13742DC3737B9DF7 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    22:59:02.0777 4072 ohci1394 - ok
    22:59:02.0839 4072 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:59:02.0855 4072 ose - ok
    22:59:02.0902 4072 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    22:59:02.0917 4072 Parport - ok
    22:59:02.0964 4072 [ 1628710C352BD79ABEBA234356E2B586 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    22:59:02.0964 4072 PartMgr - ok
    22:59:02.0980 4072 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    22:59:02.0980 4072 ParVdm - ok
    22:59:03.0042 4072 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    22:59:03.0042 4072 PCI - ok
    22:59:03.0042 4072 PCIDump - ok
    22:59:03.0089 4072 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:59:03.0089 4072 PCIIde - ok
    22:59:03.0105 4072 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    22:59:03.0120 4072 Pcmcia - ok
    22:59:03.0136 4072 PDCOMP - ok
    22:59:03.0136 4072 PDFRAME - ok
    22:59:03.0136 4072 PDRELI - ok
    22:59:03.0152 4072 PDRFRAME - ok
    22:59:03.0152 4072 perc2 - ok
    22:59:03.0167 4072 perc2hib - ok
    22:59:03.0199 4072 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
    22:59:03.0199 4072 PlugPlay - ok
    22:59:03.0245 4072 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
    22:59:03.0245 4072 Pml Driver HPZ12 - ok
    22:59:03.0261 4072 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    22:59:03.0277 4072 PolicyAgent - ok
    22:59:03.0308 4072 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:59:03.0324 4072 PptpMiniport - ok
    22:59:03.0370 4072 [ 9E372A156F92425A1904B84589093A37 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
    22:59:03.0370 4072 Processor - ok
    22:59:03.0386 4072 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    22:59:03.0386 4072 ProtectedStorage - ok
    22:59:03.0433 4072 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    22:59:03.0433 4072 PSched - ok
    22:59:03.0480 4072 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:59:03.0480 4072 Ptilink - ok
    22:59:03.0527 4072 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    22:59:03.0527 4072 PxHelp20 - ok
    22:59:03.0542 4072 ql1080 - ok
    22:59:03.0542 4072 Ql10wnt - ok
    22:59:03.0542 4072 ql12160 - ok
    22:59:03.0558 4072 ql1240 - ok
    22:59:03.0558 4072 ql1280 - ok
    22:59:03.0589 4072 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:59:03.0589 4072 RasAcd - ok
    22:59:03.0652 4072 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
    22:59:03.0667 4072 RasAuto - ok
    22:59:03.0699 4072 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:59:03.0699 4072 Rasl2tp - ok
    22:59:03.0745 4072 [ ED5E89DEDB0111E2869CB37D62B46C7A ] RasMan C:\WINDOWS\System32\rasmans.dll
    22:59:03.0761 4072 RasMan - ok
    22:59:03.0777 4072 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:59:03.0777 4072 RasPppoe - ok
    22:59:03.0824 4072 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:59:03.0824 4072 Raspti - ok
    22:59:03.0886 4072 [ B48441A6DC703EE4C36DB14EE51A189C ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:59:03.0886 4072 Rdbss - ok
    22:59:03.0949 4072 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:59:03.0949 4072 RDPCDD - ok
    22:59:03.0995 4072 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    22:59:04.0027 4072 rdpdr - ok
    22:59:04.0058 4072 [ 047BEA21274C8A4A233674A76C958C2C ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    22:59:04.0089 4072 RDPWD - ok
    22:59:04.0136 4072 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    22:59:04.0152 4072 RDSessMgr - ok
    22:59:04.0199 4072 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:59:04.0199 4072 redbook - ok
    22:59:04.0245 4072 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    22:59:04.0261 4072 RemoteAccess - ok
    22:59:04.0308 4072 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    22:59:04.0324 4072 RemoteRegistry - ok
    22:59:04.0402 4072 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
    22:59:04.0417 4072 RpcLocator - ok
    22:59:04.0449 4072 [ 348F04E3582EF2467EE5379D67B99FD7 ] RpcSs C:\WINDOWS\system32\rpcss.dll
    22:59:04.0449 4072 RpcSs - ok
    22:59:04.0495 4072 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
    22:59:04.0495 4072 rspndr - ok
    22:59:04.0558 4072 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    22:59:04.0574 4072 RSVP - ok
    22:59:04.0589 4072 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
    22:59:04.0589 4072 SamSs - ok
    22:59:04.0636 4072 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    22:59:04.0652 4072 SCardSvr - ok
    22:59:04.0699 4072 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    22:59:04.0714 4072 Schedule - ok
    22:59:04.0730 4072 [ 7570380037993520842C2868121A01F9 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:59:04.0745 4072 Secdrv - ok
    22:59:04.0792 4072 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
    22:59:04.0808 4072 seclogon - ok
    22:59:04.0870 4072 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
    22:59:04.0886 4072 SENS - ok
    22:59:04.0902 4072 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:59:04.0902 4072 serenum - ok
    22:59:04.0917 4072 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    22:59:04.0917 4072 Serial - ok
    22:59:04.0964 4072 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    22:59:04.0964 4072 Sfloppy - ok
    22:59:05.0027 4072 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    22:59:05.0042 4072 SharedAccess - ok
    22:59:05.0058 4072 [ 53D9184A21C5CBF600D918E51EF3A7E5 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    22:59:05.0058 4072 ShellHWDetection - ok
    22:59:05.0058 4072 Simbad - ok
    22:59:05.0292 4072 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    22:59:05.0370 4072 Skype C2C Service - ok
    22:59:05.0417 4072 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    22:59:05.0433 4072 SkypeUpdate - ok
    22:59:05.0480 4072 [ 384EED327E9A5BF93C91E8D00D694DF5 ] slnt C:\WINDOWS\system32\DRIVERS\slnt.sys
    22:59:05.0480 4072 slnt - ok
    22:59:05.0480 4072 Sparrow - ok
    22:59:05.0527 4072 [ 9BB1DD670CB7505A90FC4E61D4AA8227 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    22:59:05.0527 4072 splitter - ok
    22:59:05.0574 4072 [ AD3D9D191AEA7B5445FE1D82FFBB4788 ] Spooler C:\WINDOWS\system32\spoolsv.exe
    22:59:05.0652 4072 Spooler - ok
    22:59:05.0761 4072 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\WINDOWS\System32\Drivers\sptd.sys
    22:59:05.0792 4072 sptd - ok
    22:59:05.0839 4072 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    22:59:05.0855 4072 sr - ok
    22:59:05.0886 4072 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
    22:59:05.0902 4072 srservice - ok
    22:59:05.0949 4072 [ 5230953C21C811B5FC1FF31AE2B48097 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    22:59:05.0980 4072 Srv - ok
    22:59:06.0027 4072 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    22:59:06.0042 4072 SSDPSRV - ok
    22:59:06.0105 4072 [ D9F097AA3B97034D3358A01B43E635B2 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    22:59:06.0120 4072 stisvc - ok
    22:59:06.0183 4072 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:59:06.0183 4072 swenum - ok
    22:59:06.0183 4072 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    22:59:06.0199 4072 swmidi - ok
    22:59:06.0199 4072 SwPrv - ok
    22:59:06.0199 4072 symc810 - ok
    22:59:06.0214 4072 symc8xx - ok
    22:59:06.0214 4072 sym_hi - ok
    22:59:06.0214 4072 sym_u3 - ok
    22:59:06.0245 4072 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    22:59:06.0245 4072 sysaudio - ok
    22:59:06.0308 4072 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    22:59:06.0324 4072 SysmonLog - ok
    22:59:06.0370 4072 [ 1418A3A6E76E5A2E3F5E43866E793A8B ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    22:59:06.0402 4072 TapiSrv - ok
    22:59:06.0449 4072 [ E6B15BCC470953E600EF7ADED3CAB142 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:59:06.0464 4072 Tcpip - ok
    22:59:06.0480 4072 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:59:06.0480 4072 TDPIPE - ok
    22:59:06.0495 4072 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    22:59:06.0511 4072 TDTCP - ok
    22:59:06.0511 4072 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:59:06.0511 4072 TermDD - ok
    22:59:06.0714 4072 [ C33E6F5FD9209F4543B5C0D37CEB742C ] TermService C:\WINDOWS\System32\termsrv.dll
    22:59:06.0730 4072 TermService - ok
    22:59:06.0745 4072 [ 53D9184A21C5CBF600D918E51EF3A7E5 ] Themes C:\WINDOWS\System32\shsvcs.dll
    22:59:06.0761 4072 Themes - ok
    22:59:06.0792 4072 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    22:59:06.0808 4072 TlntSvr - ok
    22:59:06.0808 4072 TosIde - ok
    22:59:06.0870 4072 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    22:59:06.0886 4072 TrkWks - ok
    22:59:06.0933 4072 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    22:59:06.0933 4072 Udfs - ok
    22:59:06.0949 4072 ultra - ok
    22:59:06.0995 4072 [ 1F03139B77B21C6D84C688798808BC28 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    22:59:07.0011 4072 Update - ok
    22:59:07.0058 4072 [ 36ACA6CDC19C95FF468A1426EB7F32F0 ] upnphost C:\WINDOWS\System32\upnphost.dll
    22:59:07.0074 4072 upnphost - ok
    22:59:07.0120 4072 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
    22:59:07.0136 4072 UPS - ok
    22:59:07.0167 4072 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:59:07.0167 4072 usbccgp - ok
    22:59:07.0183 4072 [ 4A84DD272DF62BE5739394B3F90F8AE2 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:59:07.0183 4072 usbehci - ok
    22:59:07.0199 4072 [ DB53E336C44CB0975D7DCB35BAC0ECDA ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:59:07.0199 4072 usbhub - ok
    22:59:07.0245 4072 [ 9E36A32190CB43DE871FBBD7B13ACD09 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
    22:59:07.0245 4072 usbohci - ok
    22:59:07.0292 4072 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:59:07.0292 4072 usbprint - ok
    22:59:07.0339 4072 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:59:07.0339 4072 usbscan - ok
    22:59:07.0355 4072 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:59:07.0355 4072 usbstor - ok
    22:59:07.0433 4072 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    22:59:07.0433 4072 VgaSave - ok
    22:59:07.0449 4072 ViaIde - ok
    22:59:07.0480 4072 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    22:59:07.0480 4072 VolSnap - ok
    22:59:07.0511 4072 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
    22:59:07.0527 4072 VSS - ok
    22:59:07.0542 4072 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
    22:59:07.0558 4072 W32Time - ok
    22:59:07.0620 4072 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:59:07.0620 4072 Wanarp - ok
    22:59:07.0620 4072 WDICA - ok
    22:59:07.0652 4072 [ 0BFA8203B8148FB4E54BC212C41CE497 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    22:59:07.0667 4072 wdmaud - ok
    22:59:07.0714 4072 [ 346E7D636ADFE4E3B1B32AF8326220FF ] WebClient C:\WINDOWS\System32\webclnt.dll
    22:59:07.0745 4072 WebClient - ok
    22:59:07.0839 4072 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:59:07.0855 4072 winmgmt - ok
    22:59:07.0917 4072 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    22:59:07.0933 4072 WmdmPmSN - ok
    22:59:07.0995 4072 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
    22:59:08.0011 4072 Wmi - ok
    22:59:08.0058 4072 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:59:08.0089 4072 WmiApSrv - ok
    22:59:08.0199 4072 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    22:59:08.0230 4072 WMPNetworkSvc - ok
    22:59:08.0292 4072 [ 478995B4555958E52388496618D9C678 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    22:59:08.0308 4072 wscsvc - ok
    22:59:08.0370 4072 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    22:59:08.0370 4072 wuauserv - ok
    22:59:08.0417 4072 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    22:59:08.0433 4072 WudfPf - ok
    22:59:08.0433 4072 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    22:59:08.0449 4072 WudfRd - ok
    22:59:08.0495 4072 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    22:59:08.0511 4072 WudfSvc - ok
    22:59:08.0574 4072 [ B1F190A2BF52B8F4601C677F475CE5E5 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    22:59:08.0589 4072 WZCSVC - ok
    22:59:08.0636 4072 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    22:59:08.0652 4072 xmlprov - ok
    22:59:08.0699 4072 [ 175E7DBC9DB42113DECDEB566CC4C098 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    22:59:08.0699 4072 yukonwxp - ok
    22:59:08.0714 4072 ================ Scan global ===============================
    22:59:08.0761 4072 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
    22:59:08.0839 4072 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
    22:59:08.0870 4072 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
    22:59:08.0886 4072 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
    22:59:08.0886 4072 [Global] - ok
    22:59:08.0886 4072 ================ Scan MBR ==================================
    22:59:08.0917 4072 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    22:59:09.0417 4072 \Device\Harddisk0\DR0 - ok
    22:59:09.0417 4072 ================ Scan VBR ==================================
    22:59:09.0433 4072 [ B13B680B6ABF9E9DC5ECAE743A214828 ] \Device\Harddisk0\DR0\Partition1
    22:59:09.0464 4072 \Device\Harddisk0\DR0\Partition1 - ok
    22:59:09.0480 4072 [ 2902F46A656EB6254FA8B037D2BB541F ] \Device\Harddisk0\DR0\Partition2
    22:59:09.0527 4072 \Device\Harddisk0\DR0\Partition2 - ok
    22:59:09.0527 4072 ============================================================
    22:59:09.0527 4072 Scan finished
    22:59:09.0527 4072 ============================================================
    22:59:09.0527 1876 Detected object count: 0
    22:59:09.0527 1876 Actual detected object count: 0



    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 10/07/2012 23:03:19

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xBA5F77C6)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160215ACE +++++
    --- User ---
    [MBR] 2fa9c6189ce352f02de3d64a1f8246e8
    [BSP] ad1ae0770717efc495dc7f07631897ef : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 132614 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 10/07/2012 23:03:38

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xBA5F77C6)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160215ACE +++++
    --- User ---
    [MBR] 2fa9c6189ce352f02de3d64a1f8246e8
    [BSP] ad1ae0770717efc495dc7f07631897ef : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 132614 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-07 23:11:05
    -----------------------------
    23:11:05.652 OS Version: Windows 5.1.2600 Service Pack 2
    23:11:05.652 Number of processors: 2 586 0x4B02
    23:11:05.652 ComputerName: ACER-88C919EA93 UserName: Administrator
    23:11:06.308 Initialize success
    23:11:06.449 AVAST engine defs: 12100701
    23:11:22.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
    23:11:22.761 Disk 0 Vendor: ST3160215ACE 3.CKA Size: 152627MB BusType: 3
    23:11:22.777 Disk 0 MBR read successfully
    23:11:22.777 Disk 0 MBR scan
    23:11:22.777 Disk 0 Windows XP default MBR code
    23:11:22.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
    23:11:22.777 Disk 0 Partition - 00 0F Extended LBA 132614 MB offset 40965750
    23:11:22.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132614 MB offset 40965813
    23:11:22.824 Disk 0 scanning sectors +312560640
    23:11:23.011 Disk 0 scanning C:\WINDOWS\system32\drivers
    23:11:36.886 Service scanning
    23:12:23.370 Modules scanning
    23:12:52.199 Disk 0 trace - called modules:
    23:12:52.214 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89bd71e8]<<
    23:12:52.214 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b9cab8]
    23:12:52.214 3 CLASSPNP.SYS[ba8e8fcf] -> nt!IofCallDriver -> \Device\0000006a[0x89b4f3b8]
    23:12:52.214 5 ACPI.sys[ba664620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x89b8ed98]
    23:12:52.214 \Driver\atapi[0x89b708a8] -> IRP_MJ_CREATE -> 0x89bd71e8
    23:12:52.417 AVAST engine scan C:\WINDOWS
    23:12:58.324 AVAST engine scan C:\WINDOWS\system32
    23:16:18.964 AVAST engine scan C:\WINDOWS\system32\drivers
    23:16:38.886 AVAST engine scan C:\Documents and Settings\Administrator
    23:35:52.120 AVAST engine scan C:\Documents and Settings\All Users
    23:36:29.386 Scan finished successfully
    23:36:50.870 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    23:36:50.870 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  6. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
  7. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    I have some questions...
    Should I disconnect from the internet manually?
    Can I delete the previous logs and programs that you asked for?
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    No and no.
  9. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    Sorry for posting the log only now.
    ComboFix 12-10-14.03 - Administrator 14.10.2012 16:41:22.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1085 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\pkunzip.pif
    c:\windows\pkzip.pif
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NVSVC
    -------\Service_NVSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-06 19:35 . 2012-10-06 19:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-10-06 19:35 . 2012-10-06 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-10-06 19:35 . 2012-10-06 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-06 19:35 . 2012-09-07 14:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-26 15:38 . 2012-09-26 15:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-09-15 17:41 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
    2012-09-15 13:30 . 2012-09-15 13:30 -------- d-----w- c:\program files\DAEMON Tools Lite
    2012-09-15 13:17 . 2012-09-15 13:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-09-15 13:17 . 2012-09-15 17:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
    2012-09-15 13:11 . 2012-09-15 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2012-09-14 19:01 . 2012-09-15 12:38 -------- d-----w- c:\program files\Microsoft Silverlight
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-27 07:34 . 2012-03-31 05:40 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-27 07:34 . 2012-02-24 08:15 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-21 09:13 . 2012-02-24 08:19 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-21 09:13 . 2012-02-24 08:19 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-21 09:13 . 2012-02-24 08:19 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:13 . 2012-02-24 08:19 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-08-21 09:13 . 2012-02-24 08:19 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-08-21 09:13 . 2012-02-24 08:19 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-08-21 09:13 . 2012-02-24 08:19 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-21 09:13 . 2012-02-24 08:19 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-08-21 09:12 . 2012-02-24 08:19 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-21 09:12 . 2012-02-24 08:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-13 11:22 . 2012-10-13 11:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48a9e944-94ec-4ce9-b23f-65c5c8c1e7b0}]
    2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    "{142640dd-26df-42b6-ae10-6690633d3abe}"= "mscoree.dll" [2008-07-25 282112]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CLASSES_ROOT\clsid\{142640dd-26df-42b6-ae10-6690633d3abe}]
    [HKEY_CLASSES_ROOT\Auralog.TMMToolbar.IEToolbarEngineForDialogMode.IEToolbarEngine]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PicPick Start"="c:\program files\PicPick\picpick.exe" [2012-03-24 10561536]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
    "nwiz"="nwiz.exe" [2006-07-12 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2012-02-22 18:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    .
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.02.2012 11:19 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.02.2012 11:19 355632]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.02.2012 11:19 21256]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.08.2012 13:33 3064000]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03.07.2012 13:19 160944]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 21:52 115168]
    S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [23.02.2012 00:30 18004]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-14 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 09:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ro/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 169.254.100.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\
    FF - prefs.js: browser.startup.homepage - www.startlap.hu
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-14 16:49
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(796)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    - - - - - - - > 'explorer.exe'(2908)
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-14 17:03:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-14 14:02
    .
    Pre-Run: 12.589.158.400 bytes free
    Post-Run: 12.725.043.200 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 310210123531C7A3304EC29D4F1AF1F5
  10. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    Now, even though Internet Explorer is not my default browser, when I want to access my emails from Yahoo Messenger, or click on a link, for example in Microsoft Word, it opens in Internet Explorer, and in fact it doesn't open; it just says connecting and nothing happens. If I open Internet Explorer from the Desktop and type a website, it works. Any idea how to fix this?
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Can you restate the issue for me?
    I'm not sure if I fully understand.

    Then....

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    Sorry, my English is pretty bad. So the problem is that after running Combofix, I noticed that when I click on a website link in Microsoft Word, Yahoo Messenger or elsewhere, instead of opening in Mozilla Firefox as it usually does, it opens in Internet Explorer. It wouldn't be such a great problem that it opens in another browser, BUT the website doesn't appear, it says "connecting".
  13. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    While it is running, does something have to be disabled? (avast, firewall, internet connection)
  14. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Open Firefox and make it the default browser again (Tools>Options>Advanced tab>General).

    As for your last question - no.
  15. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 14.10.2012 20:11:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

    1,75 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 67,39% Memory free
    1,60 Gb Paging File | 1,22 Gb Available in Paging File | 76,49% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,53 Gb Total Space | 11,80 Gb Free Space | 60,42% Space Free | Partition Type: NTFS
    Drive D: | 129,51 Gb Total Space | 24,79 Gb Free Space | 19,15% Space Free | Partition Type: NTFS

    Computer Name: ACER-88C919EA93 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012.10.14 19:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2012.08.28 16:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2012.08.21 12:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012.08.21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012.03.24 08:17:20 | 010,561,536 | ---- | M] (NTeWORKS) -- C:\Program Files\PicPick\picpick.exe
    PRC - [2007.12.31 11:26:49 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012.10.14 11:07:08 | 001,816,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101400\algo.dll
    MOD - [2012.02.22 21:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2005.10.20 11:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2005.10.20 11:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
    MOD - [2004.08.04 01:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Services (SafeList) ==========

    SRV - [2012.10.13 14:22:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012.08.21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012.05.29 22:06:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa7vvufl)
    DRV - [2012.09.15 16:30:17 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2012.08.21 12:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012.08.21 12:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012.08.21 12:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012.08.21 12:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012.08.21 12:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012.08.21 12:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012.08.21 12:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2008.03.04 16:39:07 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2006.06.28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2006.06.06 05:09:26 | 004,284,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
    DRV - [2003.11.20 07:58:02 | 000,018,004 | ---- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-19\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-20\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA

    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA
    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.startlap.hu"
    FF - prefs.js..extensions.enabledAddons: hu@dictionaries.addons.mozilla.org:1.6.1.1
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 14:22:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 14:22:13 | 000,000,000 | ---D | M]

    [2012.02.24 11:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2012.10.10 00:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions
    [2012.03.02 16:03:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012.06.26 11:15:58 | 000,000,000 | ---D | M] (Hungarian dictionary) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\hu@dictionaries.addons.mozilla.org
    [2012.10.10 00:03:11 | 000,281,285 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
    [2012.07.25 21:27:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012.02.25 15:37:02 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012.10.13 14:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012.10.13 14:22:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012.02.24 11:12:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012.10.13 14:22:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011.06.30 21:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012.08.30 21:53:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012.10.13 14:22:21 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012.10.14 16:48:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKU\S-1-5-21-1004336348-1897051121-839522115-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1004336348-1897051121-839522115-500..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe (NTeWORKS)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.254.100.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35FA86E1-0A8C-49F2-8DB7-8953A4DA1CAC}: DhcpNameServer = 169.254.100.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC625854-8DC9-41D9-BCFE-5036C9AD1604}: DhcpNameServer = 169.254.100.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012.02.24 10:47:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.10.14 19:13:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012.10.14 16:39:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012.10.14 16:38:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012.10.14 16:38:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012.10.14 16:38:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012.10.14 16:38:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012.10.14 16:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.10.14 16:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012.10.13 14:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012.10.12 18:26:33 | 004,980,339 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012.10.07 23:09:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2012.10.07 23:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
    [2012.10.07 22:56:28 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2012.10.07 19:50:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2012.10.06 22:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2012.10.06 22:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.10.06 22:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012.10.06 22:35:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012.10.06 22:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.10.06 22:33:48 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
    [2012.10.06 19:08:38 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup-1.65.0.1400.exe
    [2012.10.06 15:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2012.09.26 18:38:42 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
    [2012.09.15 20:41:47 | 000,442,368 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
    [2012.09.15 16:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
    [2012.09.15 16:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2012.09.15 16:17:49 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2012.09.15 16:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2012.09.15 16:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2012.09.14 22:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2012.09.14 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.10.14 19:33:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012.10.14 19:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012.10.14 17:56:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012.10.14 16:49:01 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012.10.14 16:48:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012.10.14 16:47:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012.10.14 16:39:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012.10.14 16:37:31 | 004,980,339 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012.10.14 14:27:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012.10.13 21:55:37 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012.10.11 19:16:10 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.10.09 18:20:43 | 000,012,785 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\images.jpg
    [2012.10.07 23:36:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2012.10.07 23:09:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
    [2012.10.07 23:01:39 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
    [2012.10.07 22:56:18 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2012.10.07 18:59:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fbb6ris6.exe
    [2012.10.06 22:35:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.10.06 22:34:19 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
    [2012.10.06 19:08:39 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup-1.65.0.1400.exe
    [2012.10.05 06:45:46 | 006,396,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FHZKW42_20121015_20121021_8uHIYR.pdf
    [2012.10.04 19:24:26 | 000,056,777 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Attachments_2012_10_4.zip
    [2012.10.03 20:34:43 | 000,077,315 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\31016_426603477399497_737036195_n.jpg
    [2012.09.27 20:53:25 | 000,062,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\580276_10151239005081257_540106901_n.jpg
    [2012.09.26 18:38:42 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
    [2012.09.17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2012.09.15 16:30:19 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.10.14 16:39:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012.10.14 16:39:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012.10.14 16:38:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012.10.14 16:38:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012.10.14 16:38:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012.10.14 16:38:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012.10.14 16:38:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012.10.09 18:20:42 | 000,012,785 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\images.jpg
    [2012.10.07 23:36:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2012.10.07 23:01:39 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
    [2012.10.07 22:56:17 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
    [2012.10.07 18:59:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fbb6ris6.exe
    [2012.10.06 22:35:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.10.05 06:45:46 | 006,396,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FHZKW42_20121015_20121021_8uHIYR.pdf
    [2012.10.04 19:24:25 | 000,056,777 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Attachments_2012_10_4.zip
    [2012.10.03 20:34:39 | 000,077,315 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\31016_426603477399497_737036195_n.jpg
    [2012.09.27 20:53:24 | 000,062,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\580276_10151239005081257_540106901_n.jpg
    [2012.09.15 16:30:19 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
    [2012.02.29 20:59:22 | 000,149,015 | ---- | C] () -- C:\WINDOWS\hpgins32.dat
    [2012.02.29 20:59:22 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl32.dat
    [2012.02.29 20:37:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2012.02.29 20:31:43 | 000,117,393 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2012.02.24 17:46:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012.02.24 13:41:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2012.02.24 12:34:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012.02.24 12:33:09 | 002,010,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012.02.24 11:36:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2012.02.24 11:08:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2012.02.24 11:08:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2012.02.24 10:49:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012.02.24 10:41:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012.02.23 22:53:44 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2012.02.23 22:53:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2012.02.23 22:53:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2012.02.23 22:53:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2012.02.23 22:53:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2012.02.23 22:53:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2012.02.23 22:53:04 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2012.02.23 22:52:58 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2012.02.23 22:52:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2012.02.23 22:52:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2012.02.23 22:52:28 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

    ========== ZeroAccess Check ==========

    [2012.03.02 16:01:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2007.12.31 11:28:24 | 001,498,112 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2004.08.04 01:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 01:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012.06.28 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
    [2012.04.03 21:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
    [2012.09.15 20:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2012.03.06 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
    [2012.03.03 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
    [2012.03.02 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GHISLER
    [2012.04.23 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre
    [2012.05.08 13:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
    [2012.10.13 23:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2012.06.06 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auralog
    [2012.02.24 11:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012.06.29 12:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2012.09.15 16:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

    ========== Purity Check ==========



    < End of report >
  16. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    OTL Extras logfile created on: 14.10.2012 20:11:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

    1,75 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 67,39% Memory free
    1,60 Gb Paging File | 1,22 Gb Available in Paging File | 76,49% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,53 Gb Total Space | 11,80 Gb Free Space | 60,42% Space Free | Partition Type: NTFS
    Drive D: | 129,51 Gb Total Space | 24,79 Gb Free Space | 19,15% Space Free | Partition Type: NTFS

    Computer Name: ACER-88C919EA93 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{063CC377-E480-4867-AB6E-818244CA586A}" = HP Scanjet G3110 11.5
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{7B7E2EB3-2212-4A4F-B838-352C1FC54863}" = hpg3110QFolder
    "{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1" = Seterra 4.02
    "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A12C2BB-CCF0-4394-801E-B56B187B1AE0}" = TELL ME MORE Toolbar
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BB311402-80EC-449C-BF85-2A66E655984D}" = hpg3110
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FDAF94DB-9BF7-4871-B457-5D7F14D27905}" = Scan
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "avast" = avast! Free Antivirus
    "BSPlayerp" = BS.Player PRO
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
    "HP Imaging Device Functions" = HP Imaging Device Functions 11.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoScape" = PhotoScape
    "Picasa 3" = Picasa 3
    "PicPick" = PicPick
    "Totalcmd" = Total Commander (Remove or Repair)
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VLC media player" = VLC media player 1.1.9
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "PhotoFiltre" = PhotoFiltre
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 09.07.2012 16:14:11 | Computer Name = ACER-88C919EA93 | Source = Application Hang | ID = 1002
    Description = Hanging application YahooMessenger.exe, version 11.5.0.192, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 20.07.2012 02:21:32 | Computer Name = ACER-88C919EA93 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 20.07.2012 02:21:32 | Computer Name = ACER-88C919EA93 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 01.08.2012 04:09:52 | Computer Name = ACER-88C919EA93 | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 10.1.3.23, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 27.08.2012 13:33:13 | Computer Name = ACER-88C919EA93 | Source = Application Hang | ID = 1002
    Description = Hanging application Picasa3.exe, version 3.9.135.93, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 15.09.2012 09:17:53 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
    Description = Faulting application daemon tools toolbar.exe, version 1.1.0.283,
    faulting module setuphlp.dll, version 0.0.0.0, fault address 0x00011b3b.

    Error - 29.09.2012 13:28:15 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
    Description = Faulting application sims2.exe, version 1.0.0.1022, faulting module
    ~df394b.tmp, version 0.0.0.0, fault address 0x0008e86b.

    Error - 29.09.2012 13:33:40 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
    Description = Faulting application sims2.exe, version 1.0.0.1022, faulting module
    ~df394b.tmp, version 0.0.0.0, fault address 0x0008e86b.

    Error - 29.09.2012 13:34:43 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
    Description = Faulting application sims2.exe, version 1.0.0.1022, faulting module
    ~df394b.tmp, version 0.0.0.0, fault address 0x0008e86b.

    Error - 07.10.2012 01:56:34 | Computer Name = ACER-88C919EA93 | Source = Microsoft Office 11 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Word.

    [ System Events ]
    Error - 08.10.2012 05:00:47 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 08.10.2012 14:49:53 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 08.10.2012 14:49:54 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 09.10.2012 03:53:16 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 09.10.2012 03:53:18 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 09.10.2012 05:55:50 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 09.10.2012 05:55:52 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 09.10.2012 09:58:15 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 09.10.2012 09:58:17 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 14.10.2012 09:37:45 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
  17. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa7vvufl)
      O2 - BHO: (no name) - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - No CLSID value found.
      [2012.03.02 16:01:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2007.12.31 11:28:24 | 001,498,112 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2004.08.04 01:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 01:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  18. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Error: No service named aa7vvufl was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aa7vvufl deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a3cdaa-9b25-480e-b73f-c2d359b87966}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86a3cdaa-9b25-480e-b73f-c2d359b87966}\ not found.
    C:\WINDOWS\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1641996 bytes
    ->Temporary Internet Files folder emptied: 10177422 bytes
    ->Java cache emptied: 668207 bytes
    ->FireFox cache emptied: 649955398 bytes
    ->Google Chrome cache emptied: 6624795 bytes
    ->Flash cache emptied: 119282 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2142714 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 640,00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10142012_203904

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
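
One way to triage an OTL fix log like the one in the post above, as an added example that is not part of the thread and not OTL's own code. It sorts each result line by outcome and flags "File"/"Folder ... not found" entries whose path starts with a truncated hive name (EY_CURRENT_USER, EY_LOCAL_MACHINE); in this log those correspond to the registry-key lines pasted into the fix, so they were looked up as file paths. The sample lines are copied from that log; the function names and the restoration of the "HK" prefix are assumptions of this example.

```python
import re
from collections import defaultdict

# Result lines copied from the OTL fix log posted above (a subset, not constructed).
SAMPLE_LOG = r"""
Error: No service named aa7vvufl was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aa7vvufl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86a3cdaa-9b25-480e-b73f-c2d359b87966}\ not found.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

DONE = re.compile(
    r"^(?:Registry key\s+)?(?P<t>.+?)\s+(?:deleted|moved) successfully\.$")
MISSING = re.compile(
    r"^(?P<kind>Registry key|File|Folder)\s+(?P<t>.+?)\s+not found\.$")
# A registry path that lost its leading "[HK" and was looked up as a file path.
TRUNCATED_HIVE = re.compile(
    r"^EY_(?:CURRENT_USER|LOCAL_MACHINE|USERS|CLASSES_ROOT)\\")


def classify(line):
    """Return (status, target) for one result line, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("Error:"):
        return ("error", line[len("Error:"):].strip())
    if "scheduled to be moved on reboot" in line:
        return ("pending_reboot", line)
    m = DONE.match(line)
    if m:
        return ("done", m.group("t"))
    m = MISSING.match(line)
    if m:
        target = m.group("t")
        if m.group("kind") != "Registry key" and TRUNCATED_HIVE.match(target):
            # Assumption: restore the prefix and drop the stray "]" so the
            # key can be re-checked by hand in the registry.
            return ("misparsed", "HK" + target.rstrip("\\").rstrip("]"))
        return ("not_found", target)
    return ("other", line)


def triage(log_text):
    """Group the result lines of a fix log by outcome."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        result = classify(raw)
        if result:
            buckets[result[0]].append(result[1])
    return dict(buckets)


if __name__ == "__main__":
    for status, targets in triage(SAMPLE_LOG).items():
        print(status)
        for target in targets:
            print("   ", target)
```

Entries in the `misparsed` bucket are the ones to re-verify, since "not found" there describes a file lookup, not the state of the registry key.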
  19. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 2 x86
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  20. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    Farbar Service Scanner Version: 07-10-2012
    Ran by Administrator (administrator) on 14-10-2012 at 21:00:38
    Running from "C:\Documents and Settings\Administrator\Desktop"
    Microsoft Windows XP Professional Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll
    [2007-12-31 11:26] - [2007-12-31 11:26] - 0112128 ____A (Microsoft Corporation) 3F15A1DBD86F7BDAF404648282D11ECE

    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys
    [2004-08-04 00:14] - [2004-08-04 00:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

    C:\WINDOWS\system32\Drivers\tcpip.sys
    [2007-12-31 11:28] - [2007-12-31 11:28] - 0360704 ____A (Microsoft Corporation) E6B15BCC470953E600EF7ADED3CAB142

    C:\WINDOWS\system32\Drivers\ipsec.sys
    [2004-08-04 00:14] - [2004-08-04 00:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

    C:\WINDOWS\system32\dnsrslvr.dll
    [2004-08-04 01:56] - [2004-08-04 01:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

    C:\WINDOWS\system32\ipnathlp.dll
    [2004-08-04 01:56] - [2004-08-04 01:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

    C:\WINDOWS\system32\netman.dll
    [2007-12-31 11:28] - [2007-12-31 11:28] - 0197632 ____A (Microsoft Corporation) 3516D8A18B36784B1005B950B84232E1

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2012-02-24 10:39] - [2004-08-04 01:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\srsvc.dll
    [2012-02-24 10:42] - [2004-08-04 01:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

    C:\WINDOWS\system32\Drivers\sr.sys
    [2012-02-24 10:42] - [2004-08-04 00:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

    C:\WINDOWS\system32\wscsvc.dll
    [2007-12-31 11:28] - [2007-12-31 11:28] - 0080896 ____A (Microsoft Corporation) 478995B4555958E52388496618D9C678

    C:\WINDOWS\system32\wbem\WMIsvc.dll
    [2012-02-24 10:39] - [2004-08-04 01:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

    C:\WINDOWS\system32\wuauserv.dll
    [2012-02-24 10:43] - [2007-12-31 11:28] - 0025944 ____A (Microsoft Corporation) D29AD7484B98279ED21877DE051A180F

    C:\WINDOWS\system32\qmgr.dll
    [2012-02-24 10:43] - [2007-12-31 11:28] - 0408064 ____A (Microsoft Corporation) 17A0D43C80DB5348759C649835A78CFC

    C:\WINDOWS\system32\es.dll
    [2007-12-31 11:26] - [2007-12-31 11:26] - 0243200 ____A (Microsoft Corporation) 3D9418CF112A11ADC45E2A0C0A44DF47

    C:\WINDOWS\system32\cryptsvc.dll
    [2007-12-31 11:26] - [2007-12-31 11:26] - 0062464 ____A (Microsoft Corporation) 87F3E2D2A3231F820F9248DB90090F42

    C:\WINDOWS\system32\svchost.exe
    [2004-08-04 01:56] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

    C:\WINDOWS\system32\rpcss.dll
    [2007-12-31 11:28] - [2007-12-31 11:28] - 0399360 ____A (Microsoft Corporation) 348F04E3582EF2467EE5379D67B99FD7

    C:\WINDOWS\system32\services.exe
    [2004-08-04 01:56] - [2004-08-04 01:56] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


    Extra List:
    =======
    aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
  21. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    When trying to run AdwCleaner, a window pops up saying that avast is analysing the program because it is suspicious. Run the program anyway?
  22. Broni

    Broni Malware Annihilator Posts: 46,775   +254

  23. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    # AdwCleaner v2.005 - Logfile created 10/14/2012 at 21:26:41
    # Updated 14/10/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : Administrator - ACER-88C919EA93
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrentControl2
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\uTorrentControl2

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\uTorrentControl2
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6C2170C-FC80-41A2-95E2-A114705A2DDE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{673EAB2A-3B55-4C15-968A-8DB906BD5FD5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FFDF3E-58B2-414C-ABB9-6AFC7235127E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
    Key Deleted : HKLM\Software\uTorrentControl2
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.5730.13

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3270 octets] - [14/10/2012 21:26:41]

    ########## EOF - C:\AdwCleaner[S1].txt - [3330 octets] ##########
  24. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    D:\ujprogi\unlocker1.8.9.exe Win32/Adware.ADON application cleaned by deleting - quarantined
  25. dzsuli

    dzsuli TS Rookie Topic Starter Posts: 21

    Finally finished? I can't work out how bad the infection was or what the problem was. In the future, can you give me some advice on how to avoid infecting my computer? And if I download something, is there an efficient program that would scan for any kind of malware?
    I would like to THANK YOU VERY VERY MUCH for guiding me, for ALL of your effort dealing with my computer.

