Solved PUM.Disabled. Security Center

dzsuli

I ran the Malwarebytes Anti-Malware program because my keyboard was locked, and I thought it had to be a virus, but I eventually noticed that the Ctrl key was stuck.
When I restarted my computer, a red balloon was telling me that my computer may be at risk, that automatic Windows updates are turned off.
I don't know what to do next. Please help me.

Thank you for your time.


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Administrator :: ACER-88C919EA93 [administrator]

06.10.2012 22:36:02
mbam-log-2012-10-06 (22-36-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192143
Time elapsed: 1 hour(s), 43 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-07 19:39:40
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c ST3160215ACE rev.3.CKA
Running: fbb6ris6.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgncqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB696D932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB696D79D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6A16966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 89BD71E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 89BD71E8
Device \Driver\atapi \Device\Ide\IdePort1 89BD71E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 89BD71E8
Device \Driver\atg9gbom \Device\Scsi\atg9gbom1 899BB1E8
Device \Driver\atg9gbom \Device\Scsi\atg9gbom1Port3Path0Target0Lun0 899BB1E8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 89C061E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 20:13:37 on 2012-10-07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.983 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ro/
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Auralog.TMMToolbar.IEToolbarEngineForDialogMode.ShowToolbarBHO: {48a9e944-94ec-4ce9-b23f-65c5c8c1e7b0} - mscoree.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {86a3cdaa-9b25-480e-b73f-c2d359b87966} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: TELL ME MORE Toolbar: {142640dd-26df-42b6-ae10-6690633d3abe} - mscoree.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [PicPick Start] c:\program files\picpick\picpick.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\administrator\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{35FA86E1-0A8C-49F2-8DB7-8953A4DA1CAC} : DhcpNameServer = 169.254.100.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\9h4apeb4.default\
FF - prefs.js: browser.startup.homepage - www.startlap.hu
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-24 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-24 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-24 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-24 44808]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 114144]
S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2012-2-23 18004]
.
=============== Created Last 30 ================
.
2012-10-06 19:35:14 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-10-06 19:35:03 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-06 19:35:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-06 19:35:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-26 15:38:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-09-15 17:41:47 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2012-09-15 13:30:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-09-15 13:17:49 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-15 13:17:18 -------- d-----w- c:\documents and settings\administrator\application data\DAEMON Tools Lite
2012-09-15 13:11:06 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
.
==================== Find3M ====================
.
2012-08-27 07:34:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-27 07:34:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 20:13:48,87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24.02.2012 09:49:53
System Uptime: 07.10.2012 16:50:54 (4 hours ago)
.
Motherboard: Acer | | EM61SM/EM61PM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 2009/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 20 GiB total, 12,524 GiB free.
D: is FIXED (NTFS) - 130 GiB total, 29,822 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
4300
4300_Help
4300Trb
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan_CDA
AiOSoftwareNPI
avast! Free Antivirus
BS.Player PRO
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
Connect
DAEMON Tools Lite
Destination Component
DocProc
DocProcQFolder
eSupportQFolder
Fax_CDA
Free YouTube Download version 3.0.22.221
Free YouTube to MP3 Converter version 3.10.15.1228
HP Imaging Device Functions 11.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Scanjet G3110 11.5
HP Solution Center 7.0
hpg3110
hpg3110QFolder
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Java Auto Updater
Java(TM) 6 Update 31
kuler
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Nero 7 Essentials
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
PanoStandAlone
PDF Settings CS4
PhotoFiltre
PhotoScape
Photoshop Camera Raw
Picasa 3
PicPick
ProductContextNPI
Readme
Realtek High Definition Audio Driver
Scan
ScannerCopy
Seterra 4.02
Skype Click to Call
Skype™ 5.10
Software Update for Web Folders
SolutionCenter
Status
Suite Shared Configuration CS4
swMSM
TELL ME MORE Toolbar
Toolbox
Total Commander (Remove or Repair)
TrayApp
Unload
uTorrentControl2 Toolbar
VLC media player 1.1.9
WebReg
Winamp
Winamp Detector Plug-in
Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
WinRAR archiver
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
07.10.2012 19:44:18, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
03.10.2012 20:28:28, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03.10.2012 20:27:58, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
03.10.2012 20:27:28, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
.
==== End Of File ===========================


I may sound stupid, but I don't know how to get OTL.txt and Extras.txt?
 
I didn't ask for those logs yet.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===============================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double-click aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
22:57:23.0308 3728 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:57:23.0542 3728 ============================================================
22:57:23.0542 3728 Current date / time: 2012/10/07 22:57:23.0542
22:57:23.0542 3728 SystemInfo:
22:57:23.0542 3728
22:57:23.0542 3728 OS Version: 5.1.2600 ServicePack: 2.0
22:57:23.0542 3728 Product type: Workstation
22:57:23.0542 3728 ComputerName: ACER-88C919EA93
22:57:23.0542 3728 UserName: Administrator
22:57:23.0542 3728 Windows directory: C:\WINDOWS
22:57:23.0542 3728 System windows directory: C:\WINDOWS
22:57:23.0542 3728 Processor architecture: Intel x86
22:57:23.0542 3728 Number of processors: 2
22:57:23.0542 3728 Page size: 0x1000
22:57:23.0542 3728 Boot type: Normal boot
22:57:23.0542 3728 ============================================================
22:57:24.0699 3728 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:57:24.0792 3728 ============================================================
22:57:24.0792 3728 \Device\Harddisk0\DR0:
22:57:24.0808 3728 MBR partitions:
22:57:24.0808 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
22:57:24.0824 3728 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B
22:57:24.0824 3728 ============================================================
22:57:24.0886 3728 C: <-> \Device\Harddisk0\DR0\Partition1
22:57:25.0058 3728 D: <-> \Device\Harddisk0\DR0\Partition2
22:57:25.0058 3728 ============================================================
22:57:25.0058 3728 Initialize success
22:57:25.0058 3728 ============================================================
22:58:54.0027 4072 ============================================================
22:58:54.0027 4072 Scan started
22:58:54.0027 4072 Mode: Manual;
22:58:54.0027 4072 ============================================================
22:58:54.0464 4072 ================ Scan system memory ========================
22:58:54.0464 4072 System memory - ok
22:58:54.0464 4072 ================ Scan services =============================
22:58:54.0636 4072 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
22:58:54.0636 4072 Aavmker4 - ok
22:58:54.0652 4072 Abiosdsk - ok
22:58:54.0652 4072 abp480n5 - ok
22:58:54.0699 4072 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:58:54.0714 4072 ACPI - ok
22:58:54.0777 4072 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
22:58:54.0777 4072 ACPIEC - ok
22:58:54.0824 4072 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
22:58:54.0824 4072 adfs - ok
22:58:54.0839 4072 adpu160m - ok
22:58:54.0886 4072 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
22:58:54.0902 4072 aec - ok
22:58:54.0949 4072 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:58:54.0964 4072 AFD - ok
22:58:54.0964 4072 Aha154x - ok
22:58:54.0980 4072 aic78u2 - ok
22:58:54.0980 4072 aic78xx - ok
22:58:55.0011 4072 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:58:55.0027 4072 Alerter - ok
22:58:55.0058 4072 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
22:58:55.0074 4072 ALG - ok
22:58:55.0089 4072 AliIde - ok
22:58:55.0089 4072 amsint - ok
22:58:55.0136 4072 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:58:55.0152 4072 AppMgmt - ok
22:58:55.0199 4072 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:58:55.0199 4072 Arp1394 - ok
22:58:55.0199 4072 asc - ok
22:58:55.0214 4072 asc3350p - ok
22:58:55.0214 4072 asc3550 - ok
22:58:55.0339 4072 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:58:55.0355 4072 aspnet_state - ok
22:58:55.0402 4072 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:58:55.0402 4072 aswFsBlk - ok
22:58:55.0449 4072 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
22:58:55.0449 4072 aswMon2 - ok
22:58:55.0464 4072 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
22:58:55.0480 4072 AswRdr - ok
22:58:55.0495 4072 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
22:58:55.0511 4072 aswSnx - ok
22:58:55.0527 4072 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
22:58:55.0527 4072 aswSP - ok
22:58:55.0542 4072 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
22:58:55.0542 4072 aswTdi - ok
22:58:55.0589 4072 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:58:55.0589 4072 AsyncMac - ok
22:58:55.0636 4072 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:58:55.0636 4072 atapi - ok
22:58:55.0652 4072 Atdisk - ok
22:58:55.0699 4072 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:58:55.0699 4072 Atmarpc - ok
22:58:55.0745 4072 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:58:55.0761 4072 AudioSrv - ok
22:58:55.0824 4072 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:58:55.0824 4072 audstub - ok
22:58:55.0980 4072 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:58:55.0980 4072 avast! Antivirus - ok
22:58:56.0027 4072 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:58:56.0027 4072 Beep - ok
22:58:56.0089 4072 [ 17A0D43C80DB5348759C649835A78CFC ] BITS C:\WINDOWS\system32\qmgr.dll
22:58:56.0120 4072 BITS - ok
22:58:56.0167 4072 [ 39128B5A743545BAEDD3984C210F00A8 ] Browser C:\WINDOWS\System32\browser.dll
22:58:56.0183 4072 Browser - ok
22:58:56.0245 4072 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:58:56.0245 4072 cbidf2k - ok
22:58:56.0245 4072 cd20xrnt - ok
22:58:56.0308 4072 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:58:56.0308 4072 Cdaudio - ok
22:58:56.0355 4072 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:58:56.0355 4072 Cdfs - ok
22:58:56.0402 4072 [ 7B53584D94E9D8716B2DE91D5F1CB42D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:58:56.0417 4072 Cdrom - ok
22:58:56.0417 4072 Changer - ok
22:58:56.0464 4072 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:58:56.0480 4072 CiSvc - ok
22:58:56.0527 4072 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:58:56.0542 4072 ClipSrv - ok
22:58:56.0589 4072 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:58:56.0605 4072 clr_optimization_v2.0.50727_32 - ok
22:58:56.0605 4072 CmdIde - ok
22:58:56.0620 4072 COMSysApp - ok
22:58:56.0620 4072 Cpqarray - ok
22:58:56.0667 4072 [ 87F3E2D2A3231F820F9248DB90090F42 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:58:56.0683 4072 CryptSvc - ok
22:58:56.0683 4072 dac2w2k - ok
22:58:56.0699 4072 dac960nt - ok
22:58:56.0745 4072 [ 348F04E3582EF2467EE5379D67B99FD7 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:58:56.0777 4072 DcomLaunch - ok
22:58:56.0824 4072 [ 3F15A1DBD86F7BDAF404648282D11ECE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:58:56.0855 4072 Dhcp - ok
22:58:56.0902 4072 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:58:56.0902 4072 Disk - ok
22:58:56.0917 4072 dmadmin - ok
22:58:56.0980 4072 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:58:57.0011 4072 dmboot - ok
22:58:57.0042 4072 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:58:57.0074 4072 dmio - ok
22:58:57.0120 4072 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:58:57.0120 4072 dmload - ok
22:58:57.0167 4072 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
22:58:57.0183 4072 dmserver - ok
22:58:57.0245 4072 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:58:57.0245 4072 DMusic - ok
22:58:57.0292 4072 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:58:57.0308 4072 Dnscache - ok
22:58:57.0324 4072 dpti2o - ok
22:58:57.0324 4072 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:58:57.0324 4072 drmkaud - ok
22:58:57.0386 4072 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:58:57.0402 4072 ERSvc - ok
22:58:57.0449 4072 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
22:58:57.0480 4072 Eventlog - ok
22:58:57.0495 4072 [ 3D9418CF112A11ADC45E2A0C0A44DF47 ] EventSystem C:\WINDOWS\system32\es.dll
22:58:57.0511 4072 EventSystem - ok
22:58:57.0558 4072 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:58:57.0574 4072 Fastfat - ok
22:58:57.0636 4072 [ 53D9184A21C5CBF600D918E51EF3A7E5 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:58:57.0652 4072 FastUserSwitchingCompatibility - ok
22:58:57.0667 4072 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:58:57.0667 4072 Fdc - ok
22:58:57.0714 4072 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:58:57.0730 4072 Fips - ok
22:58:57.0839 4072 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:58:57.0855 4072 FLEXnet Licensing Service - ok
22:58:57.0902 4072 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:58:57.0902 4072 Flpydisk - ok
22:58:57.0964 4072 [ 6CC5181F718820861EEADAE38F764B75 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:58:57.0980 4072 FltMgr - ok
22:58:58.0027 4072 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:58:58.0027 4072 Fs_Rec - ok
22:59:08.0714 4072 ================ Scan global ===============================
22:59:08.0761 4072 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
22:59:08.0839 4072 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
22:59:08.0870 4072 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
22:59:08.0886 4072 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
22:59:08.0886 4072 [Global] - ok
22:59:08.0886 4072 ================ Scan MBR ==================================
22:59:08.0917 4072 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:59:09.0417 4072 \Device\Harddisk0\DR0 - ok
22:59:09.0417 4072 ================ Scan VBR ==================================
22:59:09.0433 4072 [ B13B680B6ABF9E9DC5ECAE743A214828 ] \Device\Harddisk0\DR0\Partition1
22:59:09.0464 4072 \Device\Harddisk0\DR0\Partition1 - ok
22:59:09.0480 4072 [ 2902F46A656EB6254FA8B037D2BB541F ] \Device\Harddisk0\DR0\Partition2
22:59:09.0527 4072 \Device\Harddisk0\DR0\Partition2 - ok
22:59:09.0527 4072 ============================================================
22:59:09.0527 4072 Scan finished
22:59:09.0527 4072 ============================================================
22:59:09.0527 1876 Detected object count: 0
22:59:09.0527 1876 Actual detected object count: 0



RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 10/07/2012 23:03:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xBA5F77C6)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160215ACE +++++
--- User ---
[MBR] 2fa9c6189ce352f02de3d64a1f8246e8
[BSP] ad1ae0770717efc495dc7f07631897ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 132614 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 10/07/2012 23:03:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xBA5F77C6)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160215ACE +++++
--- User ---
[MBR] 2fa9c6189ce352f02de3d64a1f8246e8
[BSP] ad1ae0770717efc495dc7f07631897ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20002 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40965750 | Size: 132614 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-07 23:11:05
-----------------------------
23:11:05.652 OS Version: Windows 5.1.2600 Service Pack 2
23:11:05.652 Number of processors: 2 586 0x4B02
23:11:05.652 ComputerName: ACER-88C919EA93 UserName: Administrator
23:11:06.308 Initialize success
23:11:06.449 AVAST engine defs: 12100701
23:11:22.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
23:11:22.761 Disk 0 Vendor: ST3160215ACE 3.CKA Size: 152627MB BusType: 3
23:11:22.777 Disk 0 MBR read successfully
23:11:22.777 Disk 0 MBR scan
23:11:22.777 Disk 0 Windows XP default MBR code
23:11:22.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
23:11:22.777 Disk 0 Partition - 00 0F Extended LBA 132614 MB offset 40965750
23:11:22.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132614 MB offset 40965813
23:11:22.824 Disk 0 scanning sectors +312560640
23:11:23.011 Disk 0 scanning C:\WINDOWS\system32\drivers
23:11:36.886 Service scanning
23:12:23.370 Modules scanning
23:12:52.199 Disk 0 trace - called modules:
23:12:52.214 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89bd71e8]<<
23:12:52.214 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b9cab8]
23:12:52.214 3 CLASSPNP.SYS[ba8e8fcf] -> nt!IofCallDriver -> \Device\0000006a[0x89b4f3b8]
23:12:52.214 5 ACPI.sys[ba664620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x89b8ed98]
23:12:52.214 \Driver\atapi[0x89b708a8] -> IRP_MJ_CREATE -> 0x89bd71e8
23:12:52.417 AVAST engine scan C:\WINDOWS
23:12:58.324 AVAST engine scan C:\WINDOWS\system32
23:16:18.964 AVAST engine scan C:\WINDOWS\system32\drivers
23:16:38.886 AVAST engine scan C:\Documents and Settings\Administrator
23:35:52.120 AVAST engine scan C:\Documents and Settings\All Users
23:36:29.386 Scan finished successfully
23:36:50.870 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
23:36:50.870 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
I have some questions...
Should I disconnect from the internet manually?
Can I delete the previous logs and programs that you asked for?
 
Sorry for posting the log only now.
ComboFix 12-10-14.03 - Administrator 14.10.2012 16:41:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1085 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
.
.
2012-10-06 19:35 . 2012-10-06 19:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-10-06 19:35 . 2012-10-06 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-06 19:35 . 2012-10-06 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-06 19:35 . 2012-09-07 14:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 15:38 . 2012-09-26 15:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-09-15 17:41 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2012-09-15 13:30 . 2012-09-15 13:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-09-15 13:17 . 2012-09-15 13:30 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-09-15 13:17 . 2012-09-15 17:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2012-09-15 13:11 . 2012-09-15 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-09-14 19:01 . 2012-09-15 12:38 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 07:34 . 2012-03-31 05:40 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 07:34 . 2012-02-24 08:15 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2012-02-24 08:19 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-02-24 08:19 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-24 08:19 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-02-24 08:19 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-02-24 08:19 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-02-24 08:19 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-02-24 08:19 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-02-24 08:19 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-02-24 08:19 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-02-24 08:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-13 11:22 . 2012-10-13 11:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48a9e944-94ec-4ce9-b23f-65c5c8c1e7b0}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{142640dd-26df-42b6-ae10-6690633d3abe}"= "mscoree.dll" [2008-07-25 282112]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{142640dd-26df-42b6-ae10-6690633d3abe}]
[HKEY_CLASSES_ROOT\Auralog.TMMToolbar.IEToolbarEngineForDialogMode.IEToolbarEngine]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2012-03-24 10561536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" [2006-07-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-12 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 18:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.02.2012 11:19 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.02.2012 11:19 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.02.2012 11:19 21256]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.08.2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03.07.2012 13:19 160944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 21:52 115168]
S3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [23.02.2012 00:30 18004]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-29 09:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 169.254.100.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\
FF - prefs.js: browser.startup.homepage - www.startlap.hu
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 16:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2908)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-10-14 17:03:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-14 14:02
.
Pre-Run: 12.589.158.400 bytes free
Post-Run: 12.725.043.200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 310210123531C7A3304EC29D4F1AF1F5
 
Now, even though Internet Explorer is not my default browser, when I want to access my emails from Yahoo Messenger, or click on a link, for example in Microsoft Word, it opens in Internet Explorer, and in fact it doesn't open; it just says connecting and nothing happens. If I open Internet Explorer from the Desktop and type a website, it works. Any idea how to fix this?
 
Can you restate the issue for me?
I'm not sure if I fully understand.

Then....

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Sorry, my English is pretty bad. So the problem is that after running ComboFix, I noticed that when I click on a website link in Microsoft Word, Yahoo Messenger or another program, instead of opening in Mozilla Firefox as it usually does, it opens in Internet Explorer. It wouldn't be such a great problem that it opens in another browser, BUT the website doesn't appear; it says "connecting".
 
Open Firefox and make it the default browser again (Tools>Options>Advanced tab>General).

As for your last question - no.
 
OTL logfile created on: 14.10.2012 20:11:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 67,39% Memory free
1,60 Gb Paging File | 1,22 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 11,80 Gb Free Space | 60,42% Space Free | Partition Type: NTFS
Drive D: | 129,51 Gb Total Space | 24,79 Gb Free Space | 19,15% Space Free | Partition Type: NTFS

Computer Name: ACER-88C919EA93 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.14 19:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012.08.28 16:52:56 | 003,671,904 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2012.08.21 12:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.03.24 08:17:20 | 010,561,536 | ---- | M] (NTeWORKS) -- C:\Program Files\PicPick\picpick.exe
PRC - [2007.12.31 11:26:49 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.14 11:07:08 | 001,816,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101400\algo.dll
MOD - [2012.02.22 21:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2005.10.20 11:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 11:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2004.08.04 01:56:44 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2012.10.13 14:22:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 12:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 22:06:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa7vvufl)
DRV - [2012.09.15 16:30:17 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012.08.21 12:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 12:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 12:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 12:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 12:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 12:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 12:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008.03.04 16:39:07 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.06.28 18:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.06.06 05:09:26 | 004,284,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2003.11.20 07:58:02 | 000,018,004 | ---- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA

IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA
IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1004336348-1897051121-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.startlap.hu"
FF - prefs.js..extensions.enabledAddons: hu@dictionaries.addons.mozilla.org:1.6.1.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.13 14:22:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.13 14:22:13 | 000,000,000 | ---D | M]

[2012.02.24 11:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.10.10 00:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions
[2012.03.02 16:03:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.26 11:15:58 | 000,000,000 | ---D | M] (Hungarian dictionary) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\hu@dictionaries.addons.mozilla.org
[2012.10.10 00:03:11 | 000,281,285 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.07.25 21:27:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.25 15:37:02 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.10.13 14:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.13 14:22:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.24 11:12:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.10.13 14:22:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.30 21:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.30 21:53:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.13 14:22:21 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.10.14 16:48:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1004336348-1897051121-839522115-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1004336348-1897051121-839522115-500..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe (NTeWORKS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.254.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35FA86E1-0A8C-49F2-8DB7-8953A4DA1CAC}: DhcpNameServer = 169.254.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC625854-8DC9-41D9-BCFE-5036C9AD1604}: DhcpNameServer = 169.254.100.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.24 10:47:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.14 19:13:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.10.14 16:39:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.10.14 16:38:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.10.14 16:38:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.10.14 16:38:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.10.14 16:38:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.10.14 16:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.14 16:37:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.10.13 14:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.12 18:26:33 | 004,980,339 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012.10.07 23:09:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012.10.07 23:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012.10.07 22:56:28 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2012.10.07 19:50:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012.10.06 22:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012.10.06 22:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 22:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.10.06 22:35:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.06 22:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.06 22:33:48 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.06 19:08:38 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup-1.65.0.1400.exe
[2012.10.06 15:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2012.09.26 18:38:42 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012.09.15 20:41:47 | 000,442,368 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2012.09.15 16:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2012.09.15 16:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.09.15 16:17:49 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2012.09.15 16:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012.09.15 16:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.09.14 22:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012.09.14 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.14 19:33:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.14 19:13:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.10.14 17:56:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.10.14 16:49:01 | 000,073,451 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.10.14 16:48:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.10.14 16:47:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.14 16:39:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.10.14 16:37:31 | 004,980,339 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012.10.14 14:27:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.13 21:55:37 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.10.11 19:16:10 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.09 18:20:43 | 000,012,785 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\images.jpg
[2012.10.07 23:36:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012.10.07 23:09:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012.10.07 23:01:39 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2012.10.07 22:56:18 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2012.10.07 18:59:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fbb6ris6.exe
[2012.10.06 22:35:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.06 22:34:19 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.06 19:08:39 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\My Documents\mbam-setup-1.65.0.1400.exe
[2012.10.05 06:45:46 | 006,396,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FHZKW42_20121015_20121021_8uHIYR.pdf
[2012.10.04 19:24:26 | 000,056,777 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Attachments_2012_10_4.zip
[2012.10.03 20:34:43 | 000,077,315 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\31016_426603477399497_737036195_n.jpg
[2012.09.27 20:53:25 | 000,062,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\580276_10151239005081257_540106901_n.jpg
[2012.09.26 18:38:42 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2012.09.17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2012.09.15 16:30:19 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.14 16:39:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.10.14 16:39:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.10.14 16:38:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.10.14 16:38:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.10.14 16:38:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.10.14 16:38:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.10.14 16:38:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.10.09 18:20:42 | 000,012,785 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\images.jpg
[2012.10.07 23:36:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012.10.07 23:01:39 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2012.10.07 22:56:17 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2012.10.07 18:59:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fbb6ris6.exe
[2012.10.06 22:35:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.05 06:45:46 | 006,396,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FHZKW42_20121015_20121021_8uHIYR.pdf
[2012.10.04 19:24:25 | 000,056,777 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Attachments_2012_10_4.zip
[2012.10.03 20:34:39 | 000,077,315 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\31016_426603477399497_737036195_n.jpg
[2012.09.27 20:53:24 | 000,062,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\580276_10151239005081257_540106901_n.jpg
[2012.09.15 16:30:19 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2012.02.29 20:59:22 | 000,149,015 | ---- | C] () -- C:\WINDOWS\hpgins32.dat
[2012.02.29 20:59:22 | 000,000,149 | ---- | C] () -- C:\WINDOWS\hpgmdl32.dat
[2012.02.29 20:37:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012.02.29 20:31:43 | 000,117,393 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012.02.24 17:46:48 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.24 13:41:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.24 12:34:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.02.24 12:33:09 | 002,010,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.24 11:36:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.02.24 11:08:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012.02.24 11:08:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.02.24 10:49:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.02.24 10:41:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.02.23 22:53:44 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2012.02.23 22:53:37 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2012.02.23 22:53:36 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2012.02.23 22:53:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2012.02.23 22:53:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2012.02.23 22:53:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2012.02.23 22:53:04 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2012.02.23 22:52:58 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2012.02.23 22:52:36 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2012.02.23 22:52:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2012.02.23 22:52:28 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

========== ZeroAccess Check ==========

[2012.03.02 16:01:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2007.12.31 11:28:24 | 001,498,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004.08.04 01:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 01:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.06.28 21:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Big Fish Games
[2012.04.03 21:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
[2012.09.15 20:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012.03.06 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2012.03.03 13:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2012.03.02 16:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GHISLER
[2012.04.23 21:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoFiltre
[2012.05.08 13:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2012.10.13 23:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012.06.06 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auralog
[2012.02.24 11:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.06.29 12:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012.09.15 16:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 14.10.2012 20:11:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 67,39% Memory free
1,60 Gb Paging File | 1,22 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 11,80 Gb Free Space | 60,42% Space Free | Partition Type: NTFS
Drive D: | 129,51 Gb Total Space | 24,79 Gb Free Space | 19,15% Space Free | Partition Type: NTFS

Computer Name: ACER-88C919EA93 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{063CC377-E480-4867-AB6E-818244CA586A}" = HP Scanjet G3110 11.5
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}" = Nero 7 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B7E2EB3-2212-4A4F-B838-352C1FC54863}" = hpg3110QFolder
"{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1" = Seterra 4.02
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A12C2BB-CCF0-4394-801E-B56B187B1AE0}" = TELL ME MORE Toolbar
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB311402-80EC-449C-BF85-2A66E655984D}" = hpg3110
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDAF94DB-9BF7-4871-B457-5D7F14D27905}" = Scan
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"avast" = avast! Free Antivirus
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
"Free YouTube Download_is1" = Free YouTube Download version 3.0.22.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HP Imaging Device Functions" = HP Imaging Device Functions 11.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PicPick" = PicPick
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-1897051121-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.07.2012 16:14:11 | Computer Name = ACER-88C919EA93 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 11.5.0.192, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20.07.2012 02:21:32 | Computer Name = ACER-88C919EA93 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 20.07.2012 02:21:32 | Computer Name = ACER-88C919EA93 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 01.08.2012 04:09:52 | Computer Name = ACER-88C919EA93 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.3.23, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 27.08.2012 13:33:13 | Computer Name = ACER-88C919EA93 | Source = Application Hang | ID = 1002
Description = Hanging application Picasa3.exe, version 3.9.135.93, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15.09.2012 09:17:53 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
Description = Faulting application daemon tools toolbar.exe, version 1.1.0.283,
faulting module setuphlp.dll, version 0.0.0.0, fault address 0x00011b3b.

Error - 29.09.2012 13:28:15 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
Description = Faulting application sims2.exe, version 1.0.0.1022, faulting module
~df394b.tmp, version 0.0.0.0, fault address 0x0008e86b.

Error - 29.09.2012 13:33:40 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
Description = Faulting application sims2.exe, version 1.0.0.1022, faulting module
~df394b.tmp, version 0.0.0.0, fault address 0x0008e86b.

Error - 29.09.2012 13:34:43 | Computer Name = ACER-88C919EA93 | Source = Application Error | ID = 1000
Description = Faulting application sims2.exe, version 1.0.0.1022, faulting module
~df394b.tmp, version 0.0.0.0, fault address 0x0008e86b.

Error - 07.10.2012 01:56:34 | Computer Name = ACER-88C919EA93 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

[ System Events ]
Error - 08.10.2012 05:00:47 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 08.10.2012 14:49:53 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 08.10.2012 14:49:54 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 09.10.2012 03:53:16 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 09.10.2012 03:53:18 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 09.10.2012 05:55:50 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 09.10.2012 05:55:52 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 09.10.2012 09:58:15 | Computer Name = ACER-88C919EA93 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 09.10.2012 09:58:17 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 14.10.2012 09:37:45 | Computer Name = ACER-88C919EA93 | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa7vvufl)
    O2 - BHO: (no name) - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - No CLSID value found.
    [2012.03.02 16:01:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2007.12.31 11:28:24 | 001,498,112 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2004.08.04 01:56:44 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 01:56:48 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Error: No service named aa7vvufl was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aa7vvufl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86a3cdaa-9b25-480e-b73f-c2d359b87966}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86a3cdaa-9b25-480e-b73f-c2d359b87966}\ not found.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1641996 bytes
->Temporary Internet Files folder emptied: 10177422 bytes
->Java cache emptied: 668207 bytes
->FireFox cache emptied: 649955398 bytes
->Google Chrome cache emptied: 6624795 bytes
->Flash cache emptied: 119282 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 640,00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142012_203904

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 07-10-2012
Ran by Administrator (administrator) on 14-10-2012 at 21:00:38
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2007-12-31 11:26] - [2007-12-31 11:26] - 0112128 ____A (Microsoft Corporation) 3F15A1DBD86F7BDAF404648282D11ECE

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 00:14] - [2004-08-04 00:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2007-12-31 11:28] - [2007-12-31 11:28] - 0360704 ____A (Microsoft Corporation) E6B15BCC470953E600EF7ADED3CAB142

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 00:14] - [2004-08-04 00:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 01:56] - [2004-08-04 01:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 01:56] - [2004-08-04 01:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2007-12-31 11:28] - [2007-12-31 11:28] - 0197632 ____A (Microsoft Corporation) 3516D8A18B36784B1005B950B84232E1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-02-24 10:39] - [2004-08-04 01:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2012-02-24 10:42] - [2004-08-04 01:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2012-02-24 10:42] - [2004-08-04 00:06] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2007-12-31 11:28] - [2007-12-31 11:28] - 0080896 ____A (Microsoft Corporation) 478995B4555958E52388496618D9C678

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2012-02-24 10:39] - [2004-08-04 01:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2012-02-24 10:43] - [2007-12-31 11:28] - 0025944 ____A (Microsoft Corporation) D29AD7484B98279ED21877DE051A180F

C:\WINDOWS\system32\qmgr.dll
[2012-02-24 10:43] - [2007-12-31 11:28] - 0408064 ____A (Microsoft Corporation) 17A0D43C80DB5348759C649835A78CFC

C:\WINDOWS\system32\es.dll
[2007-12-31 11:26] - [2007-12-31 11:26] - 0243200 ____A (Microsoft Corporation) 3D9418CF112A11ADC45E2A0C0A44DF47

C:\WINDOWS\system32\cryptsvc.dll
[2007-12-31 11:26] - [2007-12-31 11:26] - 0062464 ____A (Microsoft Corporation) 87F3E2D2A3231F820F9248DB90090F42

C:\WINDOWS\system32\svchost.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2007-12-31 11:28] - [2007-12-31 11:28] - 0399360 ____A (Microsoft Corporation) 348F04E3582EF2467EE5379D67B99FD7

C:\WINDOWS\system32\services.exe
[2004-08-04 01:56] - [2004-08-04 01:56] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
aswTdi(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
When trying to run AdwCleaner, a window pops up saying that avast is analysing the program because it is suspicious. Should I run the program anyway?
 
# AdwCleaner v2.005 - Logfile created 10/14/2012 at 21:26:41
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrator - ACER-88C919EA93
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrentControl2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentControl2

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6C2170C-FC80-41A2-95E2-A114705A2DDE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{673EAB2A-3B55-4C15-968A-8DB906BD5FD5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3FFDF3E-58B2-414C-ABB9-6AFC7235127E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9h4apeb4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3270 octets] - [14/10/2012 21:26:41]

########## EOF - C:\AdwCleaner[S1].txt - [3330 octets] ##########
 
D:\ujprogi\unlocker1.8.9.exe Win32/Adware.ADON application cleaned by deleting - quarantined
 
Finally finished? I can't work out how bad the infection was or what the problem was. In the future, can you give me some advice on how to avoid infecting my computer? And if I download something, is there an efficient program that would scan for any kind of malware?
I would like to THANK YOU VERY VERY MUCH for guiding me, for ALL of your effort dealing with my computer.
 