Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Win32.Buzus.utb


  • This topic is locked This topic is locked
12 replies to this topic

#1 BookwormAa

BookwormAa

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 25 December 2008 - 10:54 AM

Windows Home XP SP2 (WinNT 5.01.2600)
This infection came via USB MP3 Player, didn't scan , doubleclick on drive icon, kaspesky didn't pick it and on later scan there it was.
Player was cleaned:

12/14/2008 11:43:12 PM Deleted Trojan program Trojan.Win32.Buzus.utb G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

Later, when I burned a CD the same thing was detected, on a CD by Nod32 on another PC.

I scaned:

Spybot - Search & Destroy - 0
Ad-Aware - 0
SUPERAntiSpyware - 0
Kaspersky Internet Security 2009 - 0
AVG Anti-Spyware - 0
F-Secure BlackLight - 0

Malwarebytes' Anti-Malware - 1
Avira AntiRootkit Tool - 1


logS:

Malwarebytes' Anti-Malware 1.31
Database version: 1540
Windows 5.1.2600 Service Pack 2

12/24/2008 5:24:34 PM
mbam-log-2008-12-24 (17-24-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 236166
Time elapsed: 49 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.




Avira AntiRootkit Tool - Beta (1.0.1.17)

========================================================================================================
- Scan started Wednesday, December 24, 2008 - 12:24:00 PM
========================================================================================================

--------------------------------------------------------------------------------------------------------
Configuration:
--------------------------------------------------------------------------------------------------------
- [X] Scan files
- [X] Scan registry
- [X] Scan processes
- [ ] Fast scan
- Working disk total size : 31.16 GB
- Working disk free size : 13.75 GB (44 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden value : HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version -> version

--------------------------------------------------------------------------------------------------------
Files: 0/211753
Registry items: 1/458785
Processes: 0/36
Scan time: 00:08:01
--------------------------------------------------------------------------------------------------------
Active processes:
- apujkuwc.exe (PID 2848) (Avira AntiRootkit Tool - Beta)
- System (PID 4)
- smss.exe (PID 872)
- csrss.exe (PID 1292)
- winlogon.exe (PID 1324)
- services.exe (PID 1368)
- lsass.exe (PID 1380)
- svchost.exe (PID 1540)
- svchost.exe (PID 1704)
- svchost.exe (PID 1900)
- svchost.exe (PID 144)
- aawservice.exe (PID 596)
- spoolsv.exe (PID 748)
- guard.exe (PID 912)
- avp.exe (PID 940)
- Crypserv.exe (PID 964)
- ioloServiceManager.exe (PID 1020)
- jqs.exe (PID 1068)
- MDM.EXE (PID 1176)
- NBService.exe (PID 1264)
- NMSAccessU.exe (PID 1628)
- nvsvc32.exe (PID 1880)
- IoctlSvc.exe (PID 256)
- SbieSvc.exe (PID 264)
- searchindexer.exe (PID 1804)
- alg.exe (PID 2240)
- SDMCP.exe (PID 3872)
- ctfmon.exe (PID 4088)
- explorer.exe (PID 1848)
- ADeck.exe (PID 280)
- PDVDServ.exe (PID 2052)
- rundll32.exe (PID 1740)
- jusched.exe (PID 2188)
- avp.exe (PID 2236)
- SbieCtrl.exe (PID 3528)
- avirarkd.exe (PID 584)
========================================================================================================
- Scan finished Wednesday, December 24, 2008 - 12:32:01 PM
========================================================================================================




DDS



DDS (Version 1.1.0) - NTFSx86
Run by korisnik at 1:11:35.40 on Thu 12/25/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.676 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\korisnik\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: IE7Pro BHO: {00011268-E188-40DF-A514-835FCD78B1BF} - c:\program files\iepro\iepro.dll
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: IECatcher Class: {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - c:\progra~1\massdo~1\MDHELPER.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [Yahoo! Pager] "c:\docume~1\korisnik\locals~1\temp\rarsfx0\YahooMessenger.exe" -quiet
mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: + &Download Express: download this file - c:\program files\download express\Add_Url.htm
IE: + &Mass Downloader: download this file - c:\program files\mass downloader\Add_Url.htm
IE: + Mass Downloader: download &All files - c:\program files\mass downloader\Add_All.htm
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - c:\program files\mass downloader\massdown.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\downlo~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\downlo~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\downlo~1\mdpph.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll,c:\progra~1\kasper~1\kasper~2\mzvkbd.dll,c:\progra~1\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~2\adialhk.dll,c:\progra~1\kasper~1\kasper~2\kloehk.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994DE8-8239-4655-B1D1-5F4E91300429} - c:\progra~1\dvdreg~1\DVDShell.dll
SEH: CShellExecuteHookImpl Object: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\rvges5mj.default\
FF - component: c:\documents and settings\korisnik\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\rvges5mj.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\rvges5mj.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\opera\program\plugins\npfdm.dll
FF - plugin: c:\program files\opera\program\plugins\nppopcaploader.dll
FF - plugin: c:\program files\opera\program\plugins\NPTURNMED.dll
FF - plugin: c:\program files\panda security\nanoscan\plugins\npnanoscan.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com http://www.google.com');user_pref('...ri.enabled', 'allAccess');
============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 32784]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-9-28 28544]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2008-3-1 10872]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-11-8 20864]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [2008-11-8 4608]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-10-27 227344]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-2-29 55024]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 avp;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe -r []
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-4-20 572776]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-4-20 572776]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24592]
R3 SbieDrv;SbieDrv;\??\c:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912]
S3 Ql1suiuorks;Ql1suiuorks; []
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2008-3-3 23040]
S4 Ipdtttdpsciw;Ipdtttdpsciw; []

=============== Created Last 30 ================

2008-12-24 12:44 <DIR> --d----- c:\docume~1\korisnik\applic~1\Malwarebytes
2008-12-24 12:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-24 12:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-24 12:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-24 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-24 00:03 <DIR> --d----- c:\program files\Ace Utilities
2008-12-23 21:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Martau
2008-12-23 21:57 <DIR> --d----- c:\program files\Total Uninstall 5
2008-12-10 06:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
2008-12-10 06:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AlawarWrapper
2008-12-04 13:46 <DIR> --d----- c:\program files\Mass Downloader
2008-11-27 22:29 <DIR> --d----- C:\mub
2008-11-27 01:03 <DIR> --d----- c:\program files\AruaROSE
2008-11-25 02:39 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2008-12-24 11:10 47,002,400 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-24 11:10 1,509,408 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2008-12-24 11:10 636,836 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-24 11:10 147,800 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-11-14 05:28 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2008-11-14 03:29 2,320,000 a------- c:\windows\system32\TUKernel.exe
2008-11-14 00:31 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2008-11-11 20:00 218,376 a------- c:\windows\system32\klogon.dll
2008-11-11 19:58 25,601 a------- c:\windows\system32\drivers\klopp.dat
2008-08-06 22:44 0 a------- c:\program files\temp01
2006-04-09 07:04 256 a------- c:\documents and settings\korisnik\vsykhy.dll

============= FINISH: 1:12:50.73 ===============




HijackThis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:49 AM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\hijackthis_sfx\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\DOCUME~1\korisnik\LOCALS~1\Temp\RarSFX0\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204346417046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227821469093
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ql1suiuorks - Sonic Solutions - (no file)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12849 bytes


thanks

Attached Files



BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 02 January 2009 - 07:44 AM

Hi BookwormAa,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since previous post. Or you have run any other tools. Also tell me how is the current condition of your computer.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of just log.txt

    Note 1: If you have difficulty finding the log, the log is in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.
You might want to save this page on your favorites, so you can find it again when you return.

#3 BookwormAa

BookwormAa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 02 January 2009 - 02:19 PM

Hi Happy New Year


first:

RemoveIT Pro v4 - SE (Build date: 6.6.2008) full information log file.
Generated at: 12/28/2008 on 12:23:09 AM
Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Author: Damjan Irgolic
http://www.incodesolutions.com
support@incodesolutions.com


You have some viruses in your computer.
Please Scan your computer with RemoveIT Pro to remove discovered viruses.
Virus list:
Infected with Sys32.dbmsqlgc - File C:\WINDOWS\system32\dbmsqlgc.dll
Infected with Sys32.sysprs7 - File C:\WINDOWS\system32\sysprs7.dll

Running processes: (30)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
[C:\WINDOWS\system32\ctfmon.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SandboxieControl
["C:\Program Files\Sandboxie\SbieCtrl.exe"]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo! Pager
["C:\DOCUME~1\korisnik\LOCALS~1\Temp\RarSFX0\YahooMessenger.exe" -quiet]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AudioDeck
[C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 ]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RemoteControl
["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
[RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
[nwiz.exe /install]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter
[RunDLL32.exe NvMCTray.dll,NvTaskbarInit]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher
["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Kernel and Hardware Abstraction Layer
[KHALMNPR.EXE]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
["C:\Program Files\QuickTime\QTTask.exe" -atboottime]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
[C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NBKeyScan
["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
["C:\Program Files\Java\jre6\bin\jusched.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVP
["C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"]

Detail report: (113)
Clsid c:\progra~1\common~1\stardock\mcpcore.dll[e0475dbae1d9e5f229acb3e1dc1264c2][86016]
Clsid c:\progra~1\common~1\stardock\mcpstub.dll[0eb2de8403f97505ad3c3cdceed09455][49152]
Clsid c:\progra~1\kasper~1\kasper~2\mzvkbd.dll[42d13f21ac4dc7f5674d18697ccfc8ab][79112]
Clsid c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll[2acbfef9984f0fe9849da857206ccecc][72208]
Clsid c:\program files\stardock\object desktop\windowblinds\wbsrv.dll[cf0f2c907ac7dbff34a38d9406c030ca][229376]
Clsid c:\program files\superantispyware\saswinlo.dll[edc730a6f345c01d9a12f09621665c5a][352256]
Clsid C:\WINDOWS\system32\crypt32.dll[efc958396a7a7ef7e6d4a52b97512e18][597504]
Clsid C:\WINDOWS\system32\cryptnet.dll[cad4aa32e7eca00c23cc39c0eb833f9d][63488]
Clsid C:\WINDOWS\system32\cscdll.dll[587729679b4fe04ce06a5c61d6c56dcd][101888]
Clsid c:\windows\system32\klogon.dll[a09ef6a4793948a74060c70ad423f067][218376]
Clsid C:\WINDOWS\system32\sclgntfy.dll[d636fa41e50671160d838ea2dace3330][20992]
Clsid c:\windows\system32\stobject.dll[297101a925ecffdcdf7f6341ffbb6c1a][121856]
Clsid c:\windows\system32\webcheck.dll[a957a1f45374c4499029527599f3948d][233472]
Clsid C:\WINDOWS\system32\wlnotify.dll[a599e5e366c1408e48aa5d37882d4e3e][92672]
Clsid c:\windows\system32\wpdshserviceobj.dll[045e228f71c31901084b64be59093499][133632]
Proc C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[a6ea07a7d47c733d22b3f0dd6c393012][241664]
Proc C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe[f6bb2cae6106ff963836e0680ce4b8a1][258560]
Proc C:\Program Files\CDBurnerXP\NMSAccessU.exe[fd306fbcce7adb1077b709742e7148e9][71096]
Proc C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[11f714f85530a2bd134074dc30e99fca][322120]
Proc C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[8fb740d758b14b1bc950cc347c21e461][32768]
Proc C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[5dcd235c061022bcda9aa48670b64211][312880]
Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe[99546533c14bd739959f97c6f0da630d][551424]
Proc C:\Program Files\iolo\common\lib\ioloServiceManager.exe[a08e0b97528083cb83e86dd34d0d0311][572776]
Proc C:\Program Files\Java\jre6\bin\jqs.exe[32192b4ebe8720ed8d49a455c962cb91][152984]
Proc C:\Program Files\Java\jre6\bin\jusched.exe[b98ffa8288efaabc436c30d198608345][136600]
Proc C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[17067069b9a7865028c1f2e6971d0ccc][611664]
Proc C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[2aae889742376edc5c3203dfb74f28fd][877864]
Proc C:\Program Files\Sandboxie\SbieCtrl.exe[20213fa77deb6c0892c6e3b2968d2470][313856]
Proc C:\Program Files\Sandboxie\SbieSvc.exe[a8ab93a38f3a941c2946a17724a43ca3][52736]
Proc C:\Program Files\VIAudioi\SBADeck\ADeck.exe[accbea050864b65d208434e9539bd5c3][450560]
Proc C:\WINDOWS\Explorer.EXE[97bd6515465659ff8f3b7be375b2ea87][1033216]
Proc C:\WINDOWS\System32\alg.exe[f1958fbf86d5c004cf19a5951a9514b7][44544]
Proc C:\WINDOWS\system32\crypserv.exe[85a6662b5f12b84d599a74119f04b381][52224]
Proc C:\WINDOWS\system32\ctfmon.exe[24232996a38c0b0cf151c2140ae29fc8][15360]
Proc C:\WINDOWS\system32\IoctlSvc.exe[875e4e0661f3a5994df9e5e3a0a4f96b][81920]
Proc C:\WINDOWS\system32\lsass.exe[84885f9b82f4d55c6146ebf6065d75d2][13312]
Proc C:\WINDOWS\system32\nvsvc32.exe[0febe37db6650faa5965c00545009d1d][159810]
Proc C:\WINDOWS\system32\RunDLL32.exe[da285490bbd8a1d0ce6623577d5ba1ff][33280]
Proc C:\WINDOWS\system32\SearchIndexer.exe[7778bdfa3f6f6fba0e75b9594098f737][439808]
Proc C:\WINDOWS\system32\services.exe[c6ce6eec82f187615d1002bb3bb50ed4][108032]
Proc C:\WINDOWS\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
Proc C:\WINDOWS\system32\svchost.exe[8f078ae4ed187aaabc0a305146de6716][14336]
RegRun c:\docume~1\korisnik\locals~1\temp\rarsfx0\yahoomessenger.exe [bb5e7b73a3a54ccf329325807e5122fe][4662776]
RegRun c:\program files\adobe\reader 9.0\reader\reader_sl.exe[69b16c7b7746ba5c642fc05b3561fc73][34672]
RegRun c:\program files\common files\nero\lib\nerocheck.exe[925659214e5e6749c4b6b6e87b3a82d6][570664]
RegRun c:\program files\cyberlink\powerdvd\pdvdserv.exe[8fb740d758b14b1bc950cc347c21e461][32768]
RegRun c:\program files\java\jre6\bin\jusched.exe[b98ffa8288efaabc436c30d198608345][136600]
RegRun c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe[16784221ea2556605ead8f09439ca638][206088]
RegRun c:\program files\nero\nero8\nero backitup\nbkeyscan.exe[de9bd75fadb913f4e418cfba381d7198][2221352]
RegRun c:\program files\quicktime\qttask.exe [6cd5c3276c83f72677d647f27ee14abd][413696]
RegRun c:\program files\sandboxie\sbiectrl.exe[20213fa77deb6c0892c6e3b2968d2470][313856]
RegRun c:\program files\viaudioi\sbadeck\adeck.exe [accbea050864b65d208434e9539bd5c3][450560]
RegRun C:\WINDOWS\khalmnpr.exe[e6a9f68d26a094fb78b98180a40a29fc][76304]
RegRun c:\windows\system32\ctfmon.exe[24232996a38c0b0cf151c2140ae29fc8][15360]
RegRun c:\windows\system32\nvcpl.dll[c1ea489dd8b5e57b03e2fd5a1500621b][7700480]
Service c:\program files\cdburnerxp\nmsaccessu.exe[fd306fbcce7adb1077b709742e7148e9][71096]
Service c:\program files\common files\adobe systems shared\service\adobelmsvc.exe[8b46d5a1d3ef08232c04d0eafb871fb2][72704]
Service c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe[6f95324909b502e2651442c1548ab12f][73728]
Service c:\program files\common files\logishrd\bluetooth\lbtserv.exe[a0f7dc0080e4f97dc97de08b699e231b][121360]
Service c:\program files\common files\microsoft shared\source engine\ose.exe[7a56cf3e3f12e8af599963b16f50fb6a][89136]
Service c:\program files\common files\microsoft shared\vs7debug\mdm.exe[11f714f85530a2bd134074dc30e99fca][322120]
Service c:\program files\common files\nero\lib\nmindexingservice.exe[cb992ae1506985d9167e85883b4c3240][537896]
Service c:\program files\grisoft\avg anti-spyware 7.5\guard.exe[5dcd235c061022bcda9aa48670b64211][312880]
Service c:\program files\iolo\common\lib\ioloservicemanager.exe[a08e0b97528083cb83e86dd34d0d0311][572776]
Service c:\program files\java\jre6\bin\jqs.exe [32192b4ebe8720ed8d49a455c962cb91][152984]
Service c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [16784221ea2556605ead8f09439ca638][206088]
Service c:\program files\lavasoft\ad-aware\aawservice.exe[17067069b9a7865028c1f2e6971d0ccc][611664]
Service c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe[cb7524c21727404bd3140dca32deb7de][66112]
Service c:\program files\nero\nero8\nero backitup\nbservice.exe[2aae889742376edc5c3203dfb74f28fd][877864]
Service c:\program files\sandboxie\sbiesvc.exe[a8ab93a38f3a941c2946a17724a43ca3][52736]
Service c:\program files\sisoftware\sisoftware sandra professional home xii\rpcsandrasrv.exe[0ac17a2de485c1d6a7076c97eab904a1][1441968]
Service c:\program files\sisoftware\sisoftware sandra professional home xii\win32\rpcdatasrv.exe[7f73076ff632bb4ec0b3e3194a9db1a0][184504]
Service c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe [e3f974bdedc336490a2e6f3a703f016a][311872]
Service c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe [f80eec5e1d6cdf82cb974daada0c57dd][7520337]
Service c:\program files\windows media player\wmpnetwk.exe[f74e3d9a7fa9556c3bbb14d4e5e63d3b][913408]
Service c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe[4eabf511b1af176a971c3271e48fa3a8][33800]
Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[234b1bc2796483e1f5c3f26649fb3388][70144]
Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe[e7cc3aeaed9893a88876744cd439f76c][864256]
Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe[f9102685f97f9ba85f4a70afcf722cfe][122880]
Service c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe[993883524aa9cf1c90e1545411a9ac9c][36864]
Service c:\windows\system32\alg.exe[f1958fbf86d5c004cf19a5951a9514b7][44544]
Service c:\windows\system32\cisvc.exe[3192bd04d032a9c4a85a3278c268a13a][5632]
Service c:\windows\system32\clipsrv.exe[c8dec22c4137d7a90f8bdf41ca4b82ae][33280]
Service C:\WINDOWS\system32\crypserv.exe[85a6662b5f12b84d599a74119f04b381][52224]
Service c:\windows\system32\dllhost.exe [dd87db7387b9eb441c5674888a0d840c][5120]
Service c:\windows\system32\dmadmin.exe [554c7cb178fe3bd12450b81ad63adbc3][224768]
Service c:\windows\system32\imapi.exe[fa788520bcac0f5d9d5cde5615c0d931][150016]
Service c:\windows\system32\ioctlsvc.exe[875e4e0661f3a5994df9e5e3a0a4f96b][81920]
Service c:\windows\system32\locator.exe[793f04a09b15e7c6c11dbdffaf06c0ab][75264]
Service c:\windows\system32\lsass.exe[84885f9b82f4d55c6146ebf6065d75d2][13312]
Service c:\windows\system32\mnmsrvc.exe[f6415361201915b9fe3896b0e4e724ff][32768]
Service c:\windows\system32\msdtc.exe[c7c3d89eb0a6f3dba622ea737fa335b1][6144]
Service c:\windows\system32\msiexec.exe [f5f0146580e7023adb963879840777f8][78848]
Service c:\windows\system32\netdde.exe[05afb5ad06462257bea7495283c86d50][111104]
Service c:\windows\system32\nvsvc32.exe[0febe37db6650faa5965c00545009d1d][159810]
Service c:\windows\system32\rsvp.exe[471b3f9741d762abe75e9deea4787e47][132608]
Service c:\windows\system32\scardsvr.exe[25d8de134df108e3dbc8d7d23b1aa58e][95744]
Service c:\windows\system32\searchindexer.exe [7778bdfa3f6f6fba0e75b9594098f737][439808]
Service c:\windows\system32\services.exe[c6ce6eec82f187615d1002bb3bb50ed4][108032]
Service c:\windows\system32\sessmgr.exe[729798e0933076b8fcfcd9934698f164][140800]
Service c:\windows\system32\smlogsvc.exe[8b54aa346d1b1b113ffaa75501b8b1b2][89600]
Service c:\windows\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
Service c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]
Service c:\windows\system32\tuneupdefragservice.exe[0d630405311e1ae574bc2ec6681e485e][355584]
Service c:\windows\system32\ups.exe[3f5df65b0758675f95a2d43918a740a3][18432]
Service c:\windows\system32\vssvc.exe[3ee00364ae0fd8d604f46cbaf512838a][289792]
Service c:\windows\system32\wbem\wmiapsrv.exe[ba8cecc3e813e1f7c441b20393d4f86c][126464]
Startup c:\documents and settings\all users\start menu\programs\startup\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\documents and settings\korisnik\start menu\programs\startup\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\program files\common files\adobe\calibration\adobe gamma loader.exe[c2ff17734176cd15221c10044ef0ba1a][113664]
Startup c:\program files\logitech\setpoint\setpoint.exe[d0948be9b3547b9669195d7f84fc09f7][805392]
Startup c:\program files\windows desktop search\windowssearch.exe[b5c9f63c01fcfec3f64ec6a0940a1825][123904]
System.ini c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]

Startup folder: (5)
Startup name: desktop.ini
Command: C:\Documents and Settings\korisnik\Start Menu\Programs\Startup\desktop.ini
Startup name: Adobe Gamma.lnk
Command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Startup name: Logitech SetPoint.lnk
Command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
Startup name: Windows Search.lnk
Command: C:\Program Files\Windows Desktop Search\WindowsSearch.exe

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!

Services: (111)
Service Name: .NET Runtime Optimization Service v2.0.50727_X86 [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Service Name: Adobe LM Service [Stopped],
Path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
Service Name: Alerter [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Application Layer Gateway Service [Running],
Path: C:\WINDOWS\System32\alg.exe
Service Name: Application Management [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: ASP.NET State Service [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Service Name: Automatic Updates [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: AVG Anti-Spyware Guard [Running],
Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Service Name: Background Intelligent Transfer Service [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: ClipBook [Stopped],
Path: C:\WINDOWS\system32\clipsrv.exe
Service Name: COM+ Event System [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: COM+ System Application [Stopped],
Path: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: Computer Browser [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Crypkey License [Running],
Path: crypserv.exe
Service Name: Cryptographic Services [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: DCOM Server Process Launcher [Running],
Path: C:\WINDOWS\system32\svchost -k DcomLaunch
Service Name: DHCP Client [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Distributed Link Tracking Client [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Distributed Transaction Coordinator [Stopped],
Path: C:\WINDOWS\system32\msdtc.exe
Service Name: DNS Client [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k NetworkService
Service Name: Error Reporting Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Event Log [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Fast User Switching Compatibility [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Help and Support [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: HTTP SSL [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Service Name: Human Interface Device Access [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: IMAPI CD-Burning COM Service [Stopped],
Path: C:\WINDOWS\system32\imapi.exe
Service Name: Indexing Service [Stopped],
Path: C:\WINDOWS\system32\cisvc.exe
Service Name: InstallDriver Table Manager [Stopped],
Path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Service Name: iolo FileInfoList Service [Running],
Path: C:\Program Files\iolo\common\lib\ioloServiceManager.exe
Service Name: iolo System Service [Running],
Path: C:\Program Files\iolo\common\lib\ioloServiceManager.exe
Service Name: Ipdtttdpsciw [Stopped],
Path:
Service Name: IPSEC Services [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Java Quick Starter [Running],
Path: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Service Name: Kaspersky Internet Security [Running],
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r
Service Name: Lavasoft Ad-Aware Service [Running],
Path: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
Service Name: Logical Disk Manager [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Logical Disk Manager Administrative Service [Stopped],
Path: C:\WINDOWS\System32\dmadmin.exe /com
Service Name: Logitech Bluetooth Service [Stopped],
Path: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
Service Name: Machine Debug Manager [Running],
Path: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Service Name: Messenger [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: MS Software Shadow Copy Provider [Stopped],
Path: C:\WINDOWS\system32\dllhost.exe /Processid:{31066B5F-7916-44B6-872D-552FCF86407F}
Service Name: MSSQL$SONY_MEDIAMGR [Stopped],
Path: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
Service Name: MSSQLServerADHelper [Stopped],
Path: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
Service Name: Nero BackItUp Scheduler 3 [Running],
Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
Service Name: Net Logon [Stopped],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Net.Tcp Port Sharing Service [Stopped],
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Service Name: NetMeeting Remote Desktop Sharing [Stopped],
Path: C:\WINDOWS\system32\mnmsrvc.exe
Service Name: Network Connections [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network DDE [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network DDE DSDM [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network Location Awareness (NLA) [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Network Provisioning Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: NMIndexingService [Stopped],
Path: "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"
Service Name: NMSAccessU [Running],
Path: C:\Program Files\CDBurnerXP\NMSAccessU.exe
Service Name: NT LM Security Support Provider [Stopped],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: NVIDIA Display Driver Service [Running],
Path: C:\WINDOWS\system32\nvsvc32.exe
Service Name: Office Source Engine [Stopped],
Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Service Name: Performance Logs and Alerts [Stopped],
Path: C:\WINDOWS\system32\smlogsvc.exe
Service Name: PLFlash DeviceIoControl Service [Running],
Path: C:\WINDOWS\system32\IoctlSvc.exe
Service Name: Plug and Play [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Portable Media Serial Number Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Print Spooler [Running],
Path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Protected Storage [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Ql1suiuorks [Stopped],
Path:
Service Name: QoS RSVP [Stopped],
Path: C:\WINDOWS\system32\rsvp.exe
Service Name: Remote Access Auto Connection Manager [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Remote Access Connection Manager [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Remote Desktop Help Session Manager [Stopped],
Path: C:\WINDOWS\system32\sessmgr.exe
Service Name: Remote Procedure Call (RPC) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Remote Procedure Call (RPC) Locator [Stopped],
Path: C:\WINDOWS\system32\locator.exe
Service Name: Removable Storage [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Routing and Remote Access [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Sandboxie Service [Running],
Path: C:\Program Files\Sandboxie\SbieSvc.exe
Service Name: Secondary Logon [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Security Accounts Manager [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Security Center [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Server [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Shell Hardware Detection [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: SiSoftware Database Agent Service [Stopped],
Path: C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
Service Name: SiSoftware Sandra Agent Service [Stopped],
Path: C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
Service Name: Smart Card [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: SQLAgent$SONY_MEDIAMGR [Stopped],
Path: C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
Service Name: SSDP Discovery Service [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: System Event Notification [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: System Restore Service [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Task Scheduler [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: TCP/IP NetBIOS Helper [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Telephony [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Terminal Services [Running],
Path: C:\WINDOWS\System32\svchost -k DComLaunch
Service Name: Themes [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: TuneUp Drive Defrag Service [Stopped],
Path: C:\WINDOWS\System32\TuneUpDefragService.exe
Service Name: TuneUp Theme Extension [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Uninterruptible Power Supply [Stopped],
Path: C:\WINDOWS\System32\ups.exe
Service Name: Universal Plug and Play Device Host [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Volume Shadow Copy [Stopped],
Path: C:\WINDOWS\System32\vssvc.exe
Service Name: WebClient [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Windows Audio [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows CardSpace [Stopped],
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Service Name: Windows Driver Foundation - User-mode Driver Framework [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Service Name: Windows Firewall/Internet Connection Sharing (ICS) [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows Image Acquisition (WIA) [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k imgsvc
Service Name: Windows Installer [Stopped],
Path: C:\WINDOWS\system32\msiexec.exe /V
Service Name: Windows Management Instrumentation [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows Media Player Network Sharing Service [Stopped],
Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Service Name: Windows Presentation Foundation Font Cache 3.0.0.0 [Stopped],
Path: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Service Name: Windows Search [Running],
Path: C:\WINDOWS\system32\SearchIndexer.exe /Embedding
Service Name: Windows Time [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Wireless Zero Configuration [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: WMI Performance Adapter [Stopped],
Path: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Service Name: Workstation [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Finished...


and RSIT

in the next one
thanks

#4 BookwormAa

BookwormAa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 02 January 2009 - 02:41 PM

No changes in PC.Everything little slower. But haven't burned anything yet.
Anti Trojan Elite - 0
Trojan Killer - 0
Trojan Remover - 0



Logfile of random's system information tool 1.05 (written by random/random)
Run by korisnik at 2009-01-02 20:19:53
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (38%) free of 32 GB
Total RAM: 1024 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:08 PM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Documents and Settings\korisnik\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\hijackthis_sfx\korisnik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\DOCUME~1\korisnik\LOCALS~1\Temp\RarSFX4\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204346417046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227821469093
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asynx8hi - Canopus Co,. Ltd. - C:\WINDOWS\system32\drivers\cdrblock.sys
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ql1suiuorks - Sonic Solutions - (no file)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12781 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-09-24 756840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-10-31 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-11-15 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-06 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B930BA63-9E5A-11D3-A288-0000E80E2EDE}]
IECatcher Class - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL [2008-04-14 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-10-31 441464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2006-12-27 450560]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-12-10 1230728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2008-11-15 313856]
"Yahoo! Pager"=C:\DOCUME~1\korisnik\LOCALS~1\Temp\RarSFX4\YahooMessenger.exe [2006-10-24 4662776]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-03-02 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd163057-2d8b-11dd-9e3c-000c6e9a9f15}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4e11b06-53a1-11dd-a2a5-000c6e9a9f15}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d592391e-16b8-11dd-8d9c-000c6e9a9f15}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-01-02 04:37:45 ----D---- C:\Program Files\Carmageddon II Carpocalypse Now
2009-01-02 01:29:06 ----D---- C:\Program Files\Xicat
2008-12-28 10:39:20 ----D---- C:\Program Files\Trojan Remover
2008-12-28 10:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-12-28 02:48:56 ----D---- C:\Program Files\Anti Trojan Elite
2008-12-27 23:23:42 ----D---- C:\Program Files\InCode Solutions
2008-12-27 22:52:25 ----D---- C:\Program Files\Trojan Killer
2008-12-27 22:18:57 ----D---- C:\Documents and Settings\korisnik\Application Data\Simply Super Software
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2767.tmp
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2766.tmp
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2765.tmp
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2764.tmp
2008-12-25 02:05:18 ----D---- C:\rsit
2008-12-24 12:44:39 ----D---- C:\Documents and Settings\korisnik\Application Data\Malwarebytes
2008-12-24 12:44:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-24 12:44:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 00:03:49 ----D---- C:\Program Files\Ace Utilities
2008-12-23 21:57:45 ----D---- C:\Documents and Settings\All Users\Application Data\Martau
2008-12-23 21:57:43 ----D---- C:\Program Files\Total Uninstall 5
2008-12-23 18:32:23 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 06:06:37 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-12-10 06:06:06 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2008-12-04 13:46:20 ----D---- C:\Program Files\Mass Downloader
2008-12-04 07:46:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 07:46:20 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 07:46:20 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-01-02 20:20:07 ----D---- C:\hijackthis_sfx
2009-01-02 20:12:04 ----D---- C:\Documents and Settings\korisnik\Application Data\MailWasherPro
2009-01-02 18:43:50 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 16:29:56 ----D---- C:\WINDOWS\Temp
2009-01-02 16:28:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-02 16:28:10 ----D---- C:\WINDOWS\Prefetch
2009-01-02 16:27:54 ----D---- C:\WINDOWS
2009-01-02 11:03:04 ----D---- C:\WINDOWS\system32\drivers
2009-01-02 11:01:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 11:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2009-01-02 04:37:45 ----D---- C:\Program Files
2009-01-02 03:58:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-02 02:06:49 ----A---- C:\WINDOWS\Sandboxie.ini
2009-01-02 01:29:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-02 01:27:17 ----HD---- C:\WINDOWS\inf
2009-01-02 01:27:09 ----D---- C:\WINDOWS\system32
2009-01-02 00:36:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-01 21:09:29 ----D---- C:\Program Files\AruaROSE
2009-01-01 18:08:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-30 21:13:39 ----A---- C:\WINDOWS\DVDRegionFree.INI
2008-12-28 10:01:21 ----D---- C:\Documents and Settings\korisnik\Application Data\uTorrent
2008-12-28 03:17:28 ----D---- C:\ff
2008-12-28 03:12:54 ----SHD---- C:\WINDOWS\Installer
2008-12-28 03:12:54 ----SHD---- C:\Config.Msi
2008-12-27 23:14:54 ----D---- C:\Program Files\The Cleaner Free
2008-12-27 23:09:00 ----D---- C:\Documents and Settings\korisnik\Application Data\DMCache
2008-12-27 23:04:47 ----D---- C:\Program Files\Orbitdownloader
2008-12-26 17:09:01 ----D---- C:\def
2008-12-24 17:24:34 ----SHD---- C:\RECYCLER
2008-12-23 18:32:56 ----D---- C:\Documents and Settings
2008-12-23 14:35:59 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-23 14:35:59 ----D---- C:\WINDOWS\system32\config
2008-12-23 14:35:58 ----D---- C:\WINDOWS\repair
2008-12-23 14:35:57 ----D---- C:\WINDOWS\Logs
2008-12-23 13:52:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 11:42:02 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-22 13:17:14 ----D---- C:\Program Files\Opera
2008-12-22 11:32:33 ----D---- C:\Documents and Settings\korisnik\Application Data\Azureus
2008-12-22 11:29:26 ----D---- C:\Program Files\Azureus
2008-12-22 11:16:28 ----D---- C:\Program Files\BitComet
2008-12-16 07:04:22 ----SHD---- C:\System Volume Information
2008-12-16 07:04:22 ----D---- C:\WINDOWS\system32\Restore
2008-12-15 06:23:58 ----A---- C:\WINDOWS\win.ini
2008-12-14 18:21:52 ----D---- C:\Program Files\eMule
2008-12-13 10:04:11 ----D---- C:\Documents and Settings\korisnik\Application Data\Adobe
2008-12-12 22:16:48 ----D---- C:\Program Files\Alawar
2008-12-09 05:40:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-09 03:20:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 03:17:24 ----D---- C:\Program Files\Kaspersky Lab
2008-12-09 03:10:28 ----SD---- C:\WINDOWS\Tasks
2008-12-09 02:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-05 01:48:40 ----D---- C:\Downloads
2008-12-04 13:45:30 ----D---- C:\Documents and Settings\korisnik\Application Data\MetaProducts
2008-12-04 13:44:15 ----D---- C:\WINDOWS\Minidump
2008-12-04 07:46:17 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-02-28 37376]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2007-03-22 43584]
R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2007-05-31 20864]
R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 klif;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-27 227344]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-05 28352]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-11-14 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-03 20648]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-28 10368]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-12-27 202112]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MS1000;MS1000; C:\WINDOWS\System32\DRIVERS\MS1000.sys [2008-09-24 5376]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ultradfg;ultradfg; C:\WINDOWS\System32\DRIVERS\ultradfg.sys [2008-03-03 23040]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-02-28 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-12 611664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 avp;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-21 572776]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-21 572776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2008-11-15 52736]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-07 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Asynx8hi;Asynx8hi; C:\WINDOWS\system32\drivers\cdrblock.sys [2007-05-31 20864]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-14 355584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 02 January 2009 - 11:12 PM

Hi again,

A Happy new year to you too.

Note 1: Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Note 2: Your computer is infected with a flash drive infection. This type of infection get usually carried over through removable storage devices (flash drive/ USB drive/ thumb drive/ ipod/ memory stick/ memory card/ photo camera memory card/ external hard drive, etc) and networks. Please make sure you have your removable devices ready to disinfect. Don't connect them yet and please carry out the steps in the oreder they are written.

Note 3: You have too many security related programs on your computer and two of them have running services. It is good to be protected but overprotection can negatively effect your system. I suggest besides Kaspersky you keep two or at most three antspyware/antimalware and get rid of the rest. It is entirely optional and up to you but I recommend keeping MBAM and Spybot S&D and getting rid of all others.

Removal Instructions
  • AVG antispyware 7 is outdated. Please go to start > control panel > Add/Remove Programs and uninstall AVG 7 from there.

  • You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please go to "Add or Remove Programs"
    Uninstall the following by clicking on the following entries and selecting "remove":

    All Java versions except Java™ 6 Update 11

  • Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line.

    sc delete Ql1suiuorks
    sc delete Ipdtttdpsciw


  • We are going to repair a possible broken file associations.
    • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • The faulty file associations will appear in red beside a checkbox. Just place a checkmark (tick) in the boxes in question.
    • Click the Fix button.
  • Open a notepad (Start > Run and type in Notepad ) make sure the wordwrap under Format menu is not selected.
    Copy and paste the text in code box into it.

    REGEDIT4 
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd163057-2d8b-11dd-9e3c-000c6e9a9f15}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4e11b06-53a1-11dd-a2a5-000c6e9a9f15}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d592391e-16b8-11dd-8d9c-000c6e9a9f15}]
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order the changes to be taken place.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

  • Please read this carefully: http://www.zyxware.com/articles/2007/08/14...virus-infection

    Note: It is important to have autoplay feature turned off and not to open the thump drives by double clicking. Instead rightclick the drive and select Explore

    How do I turn off Autoplay in Windows XP for my external hard drive?
    • Open My Computer.
    • Right click on the drive letter assigned to your external drive.
    • Choose properties.
    • Click on the Autoplay tab.
    • Click the "Select an action to perform" option.
    • Choose "Take no action."
    • Click OK .
  • Please make sure that you can view all system and hidden files. Instructions on how to do this can be found here:
    How to see hidden files in Windows
    Note: When you finished the step you may set the folder view options to its default again.

  • Use the windows search advanced options:
    • Go to start -> Search -> click All files and folders.
    • Click More advanced options.
    • Put a check mark in the box nest to search system folders, search hidden files and folders and search sub-folders.
    • Make sure Case Sensitive box in not checked.
    • Type AdobeR.exe in the upper box and click on search.
    • Please let me know if you found any instances of the file. If yes please note down the path to the file.
  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).


#6 BookwormAa

BookwormAa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 03 January 2009 - 09:33 AM

sorry, hollidays.
doing everything!!!!
be back in 15 with results.
thanks

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 03 January 2009 - 09:50 AM

OK. Enjoy holidays!

#8 BookwormAa

BookwormAa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 03 January 2009 - 10:43 AM

finished


no instances of AdobeR.exe





Logfile of random's system information tool 1.05 (written by random/random)
Run by korisnik at 2009-01-03 16:27:29
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (38%) free of 32 GB
Total RAM: 1024 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:36 PM, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\korisnik\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\hijackthis_sfx\korisnik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\DOCUME~1\korisnik\LOCALS~1\Temp\RarSFX4\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204346417046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227821469093
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12693 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-09-24 756840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-10-31 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-11-15 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-06 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B930BA63-9E5A-11D3-A288-0000E80E2EDE}]
IECatcher Class - C:\PROGRA~1\MASSDO~1\MDHELPER.DLL [2008-04-14 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-10-31 441464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2006-12-27 450560]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-12-10 1230728]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2008-11-15 313856]
"Yahoo! Pager"=C:\DOCUME~1\korisnik\LOCALS~1\Temp\RarSFX4\YahooMessenger.exe [2006-10-24 4662776]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-03-02 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-01-03 16:18:32 ----RASHD---- C:\autorun.inf
2009-01-02 21:19:52 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-01-02 21:19:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-01-02 04:37:45 ----D---- C:\Program Files\Carmageddon II Carpocalypse Now
2009-01-02 01:29:06 ----D---- C:\Program Files\Xicat
2008-12-28 10:39:20 ----D---- C:\Program Files\Trojan Remover
2008-12-28 10:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-12-28 02:48:56 ----D---- C:\Program Files\Anti Trojan Elite
2008-12-27 23:23:42 ----D---- C:\Program Files\InCode Solutions
2008-12-27 22:52:25 ----D---- C:\Program Files\Trojan Killer
2008-12-27 22:18:57 ----D---- C:\Documents and Settings\korisnik\Application Data\Simply Super Software
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2767.tmp
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2766.tmp
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2765.tmp
2008-12-25 11:11:18 ----A---- C:\Documents and Settings\All Users\Application Data\xml2764.tmp
2008-12-25 02:05:18 ----D---- C:\rsit
2008-12-24 12:44:39 ----D---- C:\Documents and Settings\korisnik\Application Data\Malwarebytes
2008-12-24 12:44:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-24 12:44:32 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 00:03:49 ----D---- C:\Program Files\Ace Utilities
2008-12-23 21:57:45 ----D---- C:\Documents and Settings\All Users\Application Data\Martau
2008-12-23 21:57:43 ----D---- C:\Program Files\Total Uninstall 5
2008-12-23 18:32:23 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-10 06:06:37 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-12-10 06:06:06 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2008-12-04 13:46:20 ----D---- C:\Program Files\Mass Downloader
2008-12-04 07:46:20 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-04 07:46:20 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-04 07:46:20 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 22:29:22 ----D---- C:\mub
2008-11-27 01:03:07 ----D---- C:\Program Files\AruaROSE
2008-11-25 02:39:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-22 21:16:19 ----D---- C:\Documents and Settings\korisnik\Application Data\GetRight Pro
2008-11-18 09:22:12 ----D---- C:\Documents and Settings\korisnik\Application Data\dvdcss
2008-11-15 00:59:39 ----D---- C:\Documents and Settings\korisnik\Application Data\IDM
2008-11-15 00:59:38 ----D---- C:\Documents and Settings\korisnik\Application Data\DMCache
2008-11-15 00:59:36 ----D---- C:\Program Files\Internet Download Manager
2008-11-14 03:29:24 ----A---- C:\WINDOWS\system32\TUKernel.exe
2008-11-14 00:31:11 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2008-11-14 00:31:09 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-11-14 00:31:05 ----D---- C:\Documents and Settings\korisnik\Application Data\TuneUp Software
2008-11-14 00:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-11-14 00:30:32 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-11-12 00:15:33 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-11 20:00:04 ----A---- C:\WINDOWS\system32\klogon.dll
2008-11-10 04:00:34 ----D---- C:\Documents and Settings\korisnik\Application Data\Nero
2008-11-10 03:56:11 ----D---- C:\Program Files\Common Files\Nero
2008-11-08 21:15:57 ----D---- C:\Documents and Settings\korisnik\Application Data\MainConcept
2008-11-08 21:05:55 ----D---- C:\Program Files\Common Files\MainConcept
2008-11-08 20:31:14 ----A---- C:\WINDOWS\canopus.ini
2008-11-08 20:18:12 ----A---- C:\WINDOWS\hasp_windows.dll
2008-11-08 20:18:12 ----A---- C:\WINDOWS\csejpeg.dll
2008-11-08 20:18:11 ----D---- C:\Program Files\Common Files\Snell & Wilcox Shared
2008-11-08 20:17:49 ----A---- C:\WINDOWS\system32\csempeg3.dll
2008-11-08 20:17:48 ----D---- C:\Program Files\Common Files\Canopus
2008-11-08 20:14:05 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
2008-11-08 20:14:05 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2008-11-08 20:14:04 ----A---- C:\WINDOWS\system32\MFC71u.dll
2008-11-08 20:14:04 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
2008-11-08 20:14:04 ----A---- C:\WINDOWS\system32\MFC71FRA.DLL
2008-11-08 20:14:04 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
2008-11-08 20:14:04 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
2008-11-08 20:14:04 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
2008-11-08 20:11:17 ----N---- C:\WINDOWS\system32\pavplal.dll
2008-11-08 20:11:17 ----N---- C:\WINDOWS\system32\paveno.dll
2008-11-08 20:11:17 ----N---- C:\WINDOWS\system32\pavapi.dll
2008-11-08 20:11:17 ----A---- C:\WINDOWS\system32\pavedius4db.dll
2008-11-08 20:11:17 ----A---- C:\WINDOWS\system32\pavedius.dll
2008-11-08 19:16:44 ----D---- C:\Documents and Settings\korisnik\Application Data\MCMPEGEnc
2008-11-08 18:54:10 ----D---- C:\Program Files\MainConcept

======List of files/folders modified in the last 2 months======

2009-01-03 16:27:34 ----D---- C:\hijackthis_sfx
2009-01-03 16:23:55 ----D---- C:\WINDOWS\Temp
2009-01-03 16:19:30 ----D---- C:\Program Files\Mozilla Firefox
2009-01-03 16:19:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-03 16:18:32 ----D---- C:\WINDOWS\Prefetch
2009-01-03 15:58:01 ----D---- C:\WINDOWS\Help
2009-01-03 15:47:16 ----SHD---- C:\WINDOWS\Installer
2009-01-03 15:47:16 ----SHD---- C:\Config.Msi
2009-01-03 15:47:10 ----D---- C:\Program Files\Java
2009-01-03 15:47:10 ----D---- C:\Program Files\Common Files
2009-01-03 15:46:58 ----D---- C:\WINDOWS\system32
2009-01-03 15:41:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-01-03 15:41:21 ----D---- C:\WINDOWS\system32\drivers
2009-01-02 23:27:30 ----A---- C:\WINDOWS\DVDRegionFree.INI
2009-01-02 21:19:58 ----D---- C:\WINDOWS
2009-01-02 21:19:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-02 21:19:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 20:12:04 ----D---- C:\Documents and Settings\korisnik\Application Data\MailWasherPro
2009-01-02 11:01:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 11:00:26 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2009-01-02 04:37:45 ----D---- C:\Program Files
2009-01-02 02:06:49 ----A---- C:\WINDOWS\Sandboxie.ini
2009-01-02 01:29:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-02 01:27:17 ----HD---- C:\WINDOWS\inf
2009-01-02 00:36:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-28 10:01:21 ----D---- C:\Documents and Settings\korisnik\Application Data\uTorrent
2008-12-28 03:17:28 ----D---- C:\ff
2008-12-27 23:14:54 ----D---- C:\Program Files\The Cleaner Free
2008-12-27 23:04:47 ----D---- C:\Program Files\Orbitdownloader
2008-12-26 17:09:01 ----D---- C:\def
2008-12-24 17:24:34 ----SHD---- C:\RECYCLER
2008-12-23 18:32:56 ----D---- C:\Documents and Settings
2008-12-23 14:35:59 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-23 14:35:59 ----D---- C:\WINDOWS\system32\config
2008-12-23 14:35:58 ----D---- C:\WINDOWS\repair
2008-12-23 14:35:57 ----D---- C:\WINDOWS\Logs
2008-12-23 13:52:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-23 11:42:02 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-22 13:17:14 ----D---- C:\Program Files\Opera
2008-12-22 11:32:33 ----D---- C:\Documents and Settings\korisnik\Application Data\Azureus
2008-12-22 11:29:26 ----D---- C:\Program Files\Azureus
2008-12-22 11:16:28 ----D---- C:\Program Files\BitComet
2008-12-16 07:04:22 ----SHD---- C:\System Volume Information
2008-12-16 07:04:22 ----D---- C:\WINDOWS\system32\Restore
2008-12-15 06:23:58 ----A---- C:\WINDOWS\win.ini
2008-12-14 18:21:52 ----D---- C:\Program Files\eMule
2008-12-13 10:04:11 ----D---- C:\Documents and Settings\korisnik\Application Data\Adobe
2008-12-12 22:16:48 ----D---- C:\Program Files\Alawar
2008-12-09 05:40:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-09 03:20:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 03:17:24 ----D---- C:\Program Files\Kaspersky Lab
2008-12-09 03:10:28 ----SD---- C:\WINDOWS\Tasks
2008-12-09 02:57:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-05 01:48:40 ----D---- C:\Downloads
2008-12-04 13:45:30 ----D---- C:\Documents and Settings\korisnik\Application Data\MetaProducts
2008-12-04 13:44:15 ----D---- C:\WINDOWS\Minidump
2008-11-30 21:27:23 ----D---- C:\Program Files\Soulseek
2008-11-27 22:37:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-27 22:31:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-25 19:25:22 ----RSD---- C:\WINDOWS\Fonts
2008-11-25 01:33:19 ----D---- C:\Program Files\Download Express
2008-11-22 03:56:36 ----D---- C:\Program Files\Miranda IM
2008-11-20 02:40:44 ----D---- C:\Documents and Settings\korisnik\Application Data\Orbit
2008-11-17 15:03:41 ----D---- C:\Program Files\Sony
2008-11-17 14:58:01 ----RSD---- C:\WINDOWS\assembly
2008-11-17 14:56:47 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-11-17 14:55:42 ----D---- C:\Program Files\Sony Setup
2008-11-15 02:46:12 ----D---- C:\Program Files\Common Files\Stardock
2008-11-14 05:28:45 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2008-11-14 03:29:25 ----RSH---- C:\boot.ini
2008-11-14 01:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-11-14 00:29:36 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-13 21:54:30 ----D---- C:\Program Files\Halloween Haunting Screen Saver 2.6
2008-11-10 03:56:12 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-11-10 03:56:11 ----D---- C:\Program Files\Nero
2008-11-10 03:56:06 ----D---- C:\WINDOWS\Cursors
2008-11-10 03:24:18 ----A---- C:\WINDOWS\Irremote.ini
2008-11-08 21:49:37 ----D---- C:\Program Files\Canopus
2008-11-08 20:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\Canopus
2008-11-08 20:18:49 ----D---- C:\WINDOWS\system32\DirectX
2008-11-08 20:17:09 ----D---- C:\Documents and Settings\korisnik\Application Data\Canopus
2008-11-08 20:16:50 ----D---- C:\Program Files\Common Files\Canopus Shared
2008-11-08 20:15:30 ----D---- C:\WINDOWS\WinSxS
2008-11-07 18:00:13 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-07 17:46:26 ----D---- C:\Program Files\AviSynth 2.5
2008-11-07 16:39:19 ----D---- C:\KAV
2008-11-07 16:26:09 ----A---- C:\WINDOWS\SysMech7.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-02-28 37376]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2007-03-22 43584]
R1 cdrblock;cdrblock; C:\WINDOWS\system32\DRIVERS\cdrblock.sys [2007-05-31 20864]
R1 cdrport;cdrport; C:\WINDOWS\system32\DRIVERS\cdrport.sys [2005-03-11 4608]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 klif;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-10-27 227344]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-05 28352]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-09-22 43520]
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-11-14 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netrcacm;RCA USB Digital Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\netrcacm.sys [2003-04-03 20648]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-02-28 10368]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-12-27 202112]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MS1000;MS1000; C:\WINDOWS\System32\DRIVERS\MS1000.sys [2008-09-24 5376]
S3 Netdfrafis;Netdfrafis; C:\WINDOWS\system32\drivers\Netdfrafis.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 ultradfg;ultradfg; C:\WINDOWS\System32\DRIVERS\ultradfg.sys [2008-03-03 23040]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-02-28 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-12 611664]
R2 avp;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-21 572776]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-21 572776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2008-11-15 52736]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-07 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII\RpcSandraSrv.exe [2007-08-15 1441968]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-14 355584]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 03 January 2009 - 11:07 AM

How is your computer running?

Edited by farbar, 03 January 2009 - 11:24 AM.


#10 BookwormAa

BookwormAa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 03 January 2009 - 11:46 AM

seems ok
thanks

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 03 January 2009 - 03:34 PM

Your are welcome.

Do you have any questions before we close the topic?

#12 BookwormAa

BookwormAa
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:54 AM

Posted 03 January 2009 - 05:02 PM

No
I'm fine
THANKS!!!!!!!!!!!!!!!!!!!!!!!!!!
Happy New Year!!!

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:54 PM

Posted 03 January 2009 - 08:30 PM

Happy New Year to you too!

And you are very welcome!


This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users