Very problematic computer, please read


  • This topic is locked
15 replies to this topic

#1 nemjeet


Posted 10 October 2011 - 03:08 PM

Ok, well I've been getting very many computer restarts in the last few weeks, and 2 of my Hotmail accounts have been hacked, and some other less important accounts as well. I really would like help, and can someone please reply as fast as possible to give me some assurance that I'm not infected? I have the HijackThis and DDS logs attached and posted.

________________________________

Firstly, the HijackThis log:
________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:38:54 PM, on 10/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Nemanja\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_m5800
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_m5800
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nemanja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{351EDCB4-4957-4C6C-8C37-DBF8C82A0B48}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{351EDCB4-4957-4C6C-8C37-DBF8C82A0B48}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CyberLink Media Server Monitor Service - Unknown owner - C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
O23 - Service: CyberLink Media Server Service - CyberLink - C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate1ca68d5ade21109) (gupdate1ca68d5ade21109) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Con. Management Engine Local Manageability Service (LMS) - Unknown owner - C:\Program Files\Intel\AMT\LMS.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files (x86)\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14788 bytes

__________________________________________________________

Here is the DDS log
__________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Nemanja at 13:23:28 on 2011-10-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.5173 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Norton AntiVirus *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Nemanja\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Nemanja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Nemanja\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{351EDCB4-4957-4C6C-8C37-DBF8C82A0B48} : NameServer = 156.154.70.22,156.154.71.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun-x64: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
mRun-x64: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [GrpConv] grpconv -o
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMEFA64.SYS [?]
R1 ccHP;Symantec Hash Provider;\??\C:\Windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys [2010-3-21 466992]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CLHNService;CLHNService;C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-10-10 75048]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-25 161080]
R2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe [2009-10-10 58664]
R2 CyberLink Media Server Service;CyberLink Media Server Service;C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2009-10-10 288120]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2010-3-20 115560]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-6 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);C:\Windows\system32\drivers\lmvac.sys --> C:\Windows\system32\drivers\lmvac.sys [?]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys --> C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys [?]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys --> C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [?]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys --> C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys [?]
R3 SYMNDISV;SYMNDISV;\??\C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMNDISV.SYS --> C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMNDISV.SYS [?]
RUnknown 4035968drv;4035968drv; [x]
RUnknown 96755843;96755843; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca68d5ade21109;Google Update Service (gupdate1ca68d5ade21109);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 133104]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-4 1030600]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 133104]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-23 50424]
S3 OV550I;OVT Scanner;C:\Windows\system32\Drivers\ov550ivx.sys --> C:\Windows\system32\Drivers\ov550ivx.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-10 18:58:22 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-10-10 18:39:26 -------- d-----w- C:\Users\Nemanja\AppData\Local\{1AB2B725-8A45-490C-8DF6-125BB17EAABE}
2011-10-10 18:39:16 -------- d-----w- C:\Users\Nemanja\AppData\Local\{3235D1E7-0140-4DD8-9DE4-B9301FFE0993}
2011-09-25 19:47:17 -------- d-----w- C:\Users\Nemanja\AppData\Local\{7B4B54C2-5F4A-48B2-8DBC-B082E653D6C2}
2011-09-25 19:47:07 -------- d-----w- C:\Users\Nemanja\AppData\Local\{94A67DD0-2A0F-4CCE-828F-FC3938DC897E}
2011-09-25 19:41:17 -------- d-----w- C:\Users\Nemanja\AppData\Local\{108B380C-0833-4704-BF99-A6C550650811}
2011-09-25 19:41:07 -------- d-----w- C:\Users\Nemanja\AppData\Local\{AF04AEDB-1091-4215-80FF-18E1BB4073E2}
2011-09-25 19:35:27 -------- d-----w- C:\Users\Nemanja\AppData\Local\{6A16C3DF-D594-4FED-9589-4412D0897C2D}
2011-09-25 19:35:17 -------- d-----w- C:\Users\Nemanja\AppData\Local\{A499D21C-23AF-40F7-B88F-BCCD340FCF3F}
2011-09-25 18:51:57 -------- d-----w- C:\Users\Nemanja\AppData\Local\{583BC7EA-1EF1-4E09-8352-CEA7D1B47C5E}
2011-09-25 18:51:48 -------- d-----w- C:\Users\Nemanja\AppData\Local\{09A917B2-E8A6-4DCD-B4EE-CB7F689C75F7}
2011-09-25 18:43:09 -------- d-----w- C:\Users\Nemanja\AppData\Local\{CB6CBE05-FAA9-430C-8418-676BEED3FA53}
2011-09-25 18:42:58 -------- d-----w- C:\Users\Nemanja\AppData\Local\{B4574739-43D3-4286-8919-62A9DD78EBCA}
2011-09-24 23:33:14 -------- d-----w- C:\Users\Nemanja\AppData\Local\{9706B1D2-C204-4049-ADE1-F83690CAB83A}
2011-09-24 23:33:02 -------- d-----w- C:\Users\Nemanja\AppData\Local\{E95F1D78-EC2D-42DB-B2AC-FDA25F356558}
2011-09-24 20:07:46 -------- d-----w- C:\Users\Nemanja\AppData\Roaming\SUPERAntiSpyware.com
2011-09-24 20:07:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-24 19:13:22 -------- d-----w- C:\Users\Nemanja\AppData\Local\{3D616F31-FC75-4A00-A59F-E52E18FCDCFB}
2011-09-24 19:13:10 -------- d-----w- C:\Users\Nemanja\AppData\Local\{578A7987-7077-4338-B17F-D3977224B69E}
2011-09-18 03:27:14 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-09-16 01:27:33 0 ---ha-w- C:\Users\Nemanja\AppData\Local\BIT9FDE.tmp
2011-09-15 23:48:17 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-15 23:48:17 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-11 17:09:07 -------- d-----w- C:\Users\Nemanja\AppData\Local\{573A35B8-9EF7-4B53-815F-7738456E7FA3}
2011-09-11 17:08:57 -------- d-----w- C:\Users\Nemanja\AppData\Local\{2255B4CF-4C6A-49FF-AA17-157EAEB1EA07}
.
==================== Find3M ====================
.
2011-09-24 20:22:42 276913 ----a-w- C:\Windows\DUMPad1f.tmp
2011-09-11 03:13:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 23:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-13 17:54:22 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.

Edited by nemjeet, 10 October 2011 - 03:09 PM.




#2 HelpBot


Posted 15 October 2011 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422831 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was follow the previous instructions to tell me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nemjeet


Posted 16 October 2011 - 11:41 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Nemanja at 9:54:50 on 2011-10-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.5747 [GMT -6:00]
.
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: Norton AntiVirus *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Nemanja\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Nemanja\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Nemanja\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{351EDCB4-4957-4C6C-8C37-DBF8C82A0B48} : NameServer = 156.154.70.22,156.154.71.22
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun-x64: [Acer Product Registration] "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
mRun-x64: [Acer Assist Launcher] "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMEFA64.SYS [?]
R1 ccHP;Symantec Hash Provider;\??\C:\Windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys [2010-3-21 466992]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CLHNService;CLHNService;C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-10-10 75048]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-25 161080]
R2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe [2009-10-10 58664]
R2 CyberLink Media Server Service;CyberLink Media Server Service;C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2009-10-10 288120]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2010-3-20 115560]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-6 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);C:\Windows\system32\drivers\lmvac.sys --> C:\Windows\system32\drivers\lmvac.sys [?]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys --> C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys [?]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys --> C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [?]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys --> C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys [?]
R3 SYMNDISV;SYMNDISV;\??\C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMNDISV.SYS --> C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMNDISV.SYS [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca68d5ade21109;Google Update Service (gupdate1ca68d5ade21109);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 133104]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-2-4 1030600]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-18 133104]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-23 50424]
S3 OV550I;OVT Scanner;C:\Windows\system32\Drivers\ov550ivx.sys --> C:\Windows\system32\Drivers\ov550ivx.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-10-14 02:43:21 -------- d-----w- C:\Program Files\iPod
2011-10-14 02:43:19 -------- d-----w- C:\Program Files\iTunes
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-14 01:19:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-13 03:58:26 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 03:58:04 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 03:58:04 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-10-13 03:58:04 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 03:58:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-10-13 03:58:04 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-10-13 03:58:04 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 03:58:04 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 03:58:03 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-10-13 03:57:59 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 03:57:59 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-10-13 03:57:59 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-10-13 03:57:58 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-13 03:57:58 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-13 03:57:58 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 03:57:58 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 03:57:58 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 03:57:58 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-13 03:57:57 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-10 18:58:22 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-10-10 18:39:26 -------- d-----w- C:\Users\Nemanja\AppData\Local\{1AB2B725-8A45-490C-8DF6-125BB17EAABE}
2011-10-10 18:39:16 -------- d-----w- C:\Users\Nemanja\AppData\Local\{3235D1E7-0140-4DD8-9DE4-B9301FFE0993}
2011-09-25 19:47:17 -------- d-----w- C:\Users\Nemanja\AppData\Local\{7B4B54C2-5F4A-48B2-8DBC-B082E653D6C2}
2011-09-25 19:47:07 -------- d-----w- C:\Users\Nemanja\AppData\Local\{94A67DD0-2A0F-4CCE-828F-FC3938DC897E}
2011-09-25 19:41:17 -------- d-----w- C:\Users\Nemanja\AppData\Local\{108B380C-0833-4704-BF99-A6C550650811}
2011-09-25 19:41:07 -------- d-----w- C:\Users\Nemanja\AppData\Local\{AF04AEDB-1091-4215-80FF-18E1BB4073E2}
2011-09-25 19:35:27 -------- d-----w- C:\Users\Nemanja\AppData\Local\{6A16C3DF-D594-4FED-9589-4412D0897C2D}
2011-09-25 19:35:17 -------- d-----w- C:\Users\Nemanja\AppData\Local\{A499D21C-23AF-40F7-B88F-BCCD340FCF3F}
2011-09-25 18:51:57 -------- d-----w- C:\Users\Nemanja\AppData\Local\{583BC7EA-1EF1-4E09-8352-CEA7D1B47C5E}
2011-09-25 18:51:48 -------- d-----w- C:\Users\Nemanja\AppData\Local\{09A917B2-E8A6-4DCD-B4EE-CB7F689C75F7}
2011-09-25 18:43:09 -------- d-----w- C:\Users\Nemanja\AppData\Local\{CB6CBE05-FAA9-430C-8418-676BEED3FA53}
2011-09-25 18:42:58 -------- d-----w- C:\Users\Nemanja\AppData\Local\{B4574739-43D3-4286-8919-62A9DD78EBCA}
2011-09-24 23:33:14 -------- d-----w- C:\Users\Nemanja\AppData\Local\{9706B1D2-C204-4049-ADE1-F83690CAB83A}
2011-09-24 23:33:02 -------- d-----w- C:\Users\Nemanja\AppData\Local\{E95F1D78-EC2D-42DB-B2AC-FDA25F356558}
2011-09-24 20:07:46 -------- d-----w- C:\Users\Nemanja\AppData\Roaming\SUPERAntiSpyware.com
2011-09-24 20:07:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-24 19:13:22 -------- d-----w- C:\Users\Nemanja\AppData\Local\{3D616F31-FC75-4A00-A59F-E52E18FCDCFB}
2011-09-24 19:13:10 -------- d-----w- C:\Users\Nemanja\AppData\Local\{578A7987-7077-4338-B17F-D3977224B69E}
2011-09-18 03:27:14 -------- d-----w- C:\ProgramData\Comodo Downloader
.
==================== Find3M ====================
.
2011-09-24 20:22:42 276913 ----a-w- C:\Windows\DUMPad1f.tmp
2011-09-11 03:13:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-31 23:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-31 05:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 05:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 05:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-08-31 05:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 05:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-31 05:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-08-13 17:54:22 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
.
============= FINISH: 9:58:02.95 ===============

I have windows vista 64 bit. I don't think I have the original Windows CD.


#4 Casey_boy

  • Malware Response Team

Posted 16 October 2011 - 12:31 PM

Hi,

My name is Casey and I will be helping you with your malware problems.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Step 1: I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Comodo AntiVirus or Norton AntiVirus.

Step 2: P2P Warning

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

I strongly recommend that you uninstall these programs, however, should you decide to keep this program please refrain from using it until we get your computer clean and always show caution in any files you download.

Step 3: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 4: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Regards,

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *
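One way to triage the log that Step 3 asks for, added here as an example that is not part of the original post and is not TDSSKiller's own code. It reads the `name (md5) path` / `name - ok` layout seen in this thread and lists entries whose verdict is not `ok`, entries with no file line, and driver images outside the Windows directory named in the log header. The sample lines, the `example*` names, the placeholder hashes and the `( detail ) - warning` form are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, not taken from the thread. Hashes and the "example*"
# services are placeholders; the "( detail ) - warning" line is an assumed form.
SAMPLE_LOG = r"""
15:45:26.0157 4848 Windows directory: C:\Windows
15:45:27.0285 1588 Scan started
15:45:27.0654 1588 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys
15:45:27.0656 1588 ACPI - ok
15:45:27.0810 1588 Afc - ok
15:45:28.0100 1588 WsAudio_DeviceS(1) (00000000000000000000000000000002) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
15:45:28.0101 1588 WsAudio_DeviceS(1) - ok
15:45:28.0200 1588 exampleflt (00000000000000000000000000000003) C:\ProgramData\Example\exampleflt.sys
15:45:28.0201 1588 exampleflt - ok
15:45:28.0300 1588 exampledrv (00000000000000000000000000000004) C:\Windows\system32\drivers\exampledrv.sys
15:45:28.0301 1588 exampledrv ( Example.Detection.Name ) - warning
"""

# Every log line starts with a timestamp and a thread id.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
WINDIR_RE = re.compile(r"^Windows directory:\s*(?P<dir>.+)$")
# "<service> (<32 hex digits>) <path>"; service names may contain parentheses.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - <verdict>", optionally with "( detail )" before the dash.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<detail>[^)]*?) \))? - (?P<verdict>[A-Za-z][\w-]*)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detail: Optional[str] = None


def parse_log(text):
    """Return (entries in log order, Windows directory from the header)."""
    entries, windir = {}, r"C:\Windows"
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line["body"]
        header = WINDIR_RE.match(body)
        if header:
            windir = header["dir"].strip()
            continue
        # Try the file line first: a path may itself contain " - ".
        found = FILE_RE.match(body)
        if found:
            entry = entries.setdefault(found["name"], Entry(found["name"]))
            entry.md5, entry.path = found["md5"].lower(), found["path"]
            continue
        result = VERDICT_RE.match(body)
        if result:
            entry = entries.setdefault(result["name"], Entry(result["name"]))
            entry.verdict, entry.detail = result["verdict"].lower(), result["detail"]
    return list(entries.values()), windir


def triage(text):
    """Group entries a reviewer should look at; none of these is a verdict."""
    entries, windir = parse_log(text)
    prefix = windir.rstrip("\\").lower() + "\\"
    return {
        # Anything the tool did not mark ok, including entries cut off
        # before their verdict line.
        "not_ok": [e.name for e in entries if e.verdict != "ok"],
        # Registered service with no file line, so no image was hashed.
        "no_file": [e.name for e in entries if e.path is None],
        # Driver image stored outside the Windows directory.
        "outside_windows": [
            e.name for e in entries
            if e.path and not e.path.lower().startswith(prefix)
        ],
    }


if __name__ == "__main__":
    for group, names in triage(SAMPLE_LOG).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

The three groups are review prompts only; security products commonly keep drivers outside the Windows directory, so `outside_windows` entries still need to be matched against installed software.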


#5 nemjeet

  • Topic Starter


Posted 16 October 2011 - 04:49 PM

Hi and thanks for helping.

I went to add/remove programs but Norton Antivirus doesn't show up. I'm quite sure I uninstalled it a long time ago.

I removed uTorrent.

Here's the TDSSKiller log:


15:45:25.0733 4848 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
15:45:26.0157 4848 ============================================================
15:45:26.0157 4848 Current date / time: 2011/10/16 15:45:26.0157
15:45:26.0157 4848 SystemInfo:
15:45:26.0157 4848
15:45:26.0157 4848 OS Version: 6.0.6002 ServicePack: 2.0
15:45:26.0157 4848 Product type: Workstation
15:45:26.0157 4848 ComputerName: NEMANJA-PC
15:45:26.0157 4848 UserName: Nemanja
15:45:26.0157 4848 Windows directory: C:\Windows
15:45:26.0157 4848 System windows directory: C:\Windows
15:45:26.0157 4848 Running under WOW64
15:45:26.0158 4848 Processor architecture: Intel x64
15:45:26.0158 4848 Number of processors: 4
15:45:26.0158 4848 Page size: 0x1000
15:45:26.0158 4848 Boot type: Normal boot
15:45:26.0158 4848 ============================================================
15:45:26.0572 4848 Initialize success
15:45:27.0285 1588 ============================================================
15:45:27.0285 1588 Scan started
15:45:27.0285 1588 Mode: Manual;
15:45:27.0285 1588 ============================================================
15:45:27.0654 1588 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:45:27.0656 1588 ACPI - ok
15:45:27.0688 1588 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:45:27.0691 1588 adp94xx - ok
15:45:27.0719 1588 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:45:27.0721 1588 adpahci - ok
15:45:27.0748 1588 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:45:27.0749 1588 adpu160m - ok
15:45:27.0780 1588 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:45:27.0781 1588 adpu320 - ok
15:45:27.0810 1588 Afc - ok
15:45:27.0846 1588 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
15:45:27.0849 1588 AFD - ok
15:45:27.0878 1588 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:45:27.0878 1588 agp440 - ok
15:45:27.0912 1588 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:45:27.0913 1588 aic78xx - ok
15:45:27.0938 1588 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:45:27.0938 1588 aliide - ok
15:45:28.0001 1588 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:45:28.0001 1588 amdide - ok
15:45:28.0023 1588 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:45:28.0024 1588 AmdK8 - ok
15:45:28.0159 1588 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
15:45:28.0206 1588 amdkmdag - ok
15:45:28.0308 1588 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
15:45:28.0310 1588 amdkmdap - ok
15:45:28.0353 1588 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:45:28.0354 1588 arc - ok
15:45:28.0386 1588 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:45:28.0387 1588 arcsas - ok
15:45:28.0414 1588 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:45:28.0414 1588 AsyncMac - ok
15:45:28.0436 1588 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
15:45:28.0437 1588 atapi - ok
15:45:28.0592 1588 atikmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
15:45:28.0640 1588 atikmdag - ok
15:45:28.0678 1588 ATITool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\ATITool64.sys
15:45:28.0679 1588 ATITool - ok
15:45:28.0708 1588 AVFilter - ok
15:45:28.0718 1588 AVHook - ok
15:45:28.0727 1588 AVRec - ok
15:45:28.0760 1588 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:45:28.0761 1588 blbdrive - ok
15:45:28.0825 1588 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:45:28.0826 1588 bowser - ok
15:45:28.0847 1588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:45:28.0847 1588 BrFiltLo - ok
15:45:28.0858 1588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:45:28.0858 1588 BrFiltUp - ok
15:45:28.0880 1588 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:45:28.0881 1588 Brserid - ok
15:45:28.0900 1588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:45:28.0900 1588 BrSerWdm - ok
15:45:28.0918 1588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:45:28.0919 1588 BrUsbMdm - ok
15:45:28.0935 1588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:45:28.0935 1588 BrUsbSer - ok
15:45:28.0947 1588 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:45:28.0948 1588 BTHMODEM - ok
15:45:28.0994 1588 ccHP (3a6f5ad4d94dce27d22e3f1307e0146e) C:\Windows\system32\drivers\NAVx64\1000000.07D\ccHPx64.sys
15:45:28.0997 1588 ccHP - ok
15:45:29.0018 1588 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:45:29.0019 1588 cdfs - ok
15:45:29.0038 1588 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:45:29.0039 1588 cdrom - ok
15:45:29.0066 1588 CFRMD - ok
15:45:29.0108 1588 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:45:29.0109 1588 circlass - ok
15:45:29.0142 1588 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:45:29.0145 1588 CLFS - ok
15:45:29.0221 1588 cmderd (244a50232767fed81d7166bc80151364) C:\Windows\system32\DRIVERS\cmderd.sys
15:45:29.0221 1588 cmderd - ok
15:45:29.0232 1588 cmdGuard (51eda25d4f92978816a71c1ed7b492e7) C:\Windows\system32\DRIVERS\cmdguard.sys
15:45:29.0234 1588 cmdGuard - ok
15:45:29.0245 1588 cmdHlp (ed717f2d0a8eeddfb18eddc0347b4293) C:\Windows\system32\DRIVERS\cmdhlp.sys
15:45:29.0246 1588 cmdHlp - ok
15:45:29.0267 1588 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:45:29.0268 1588 cmdide - ok
15:45:29.0280 1588 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
15:45:29.0280 1588 Compbatt - ok
15:45:29.0299 1588 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:45:29.0299 1588 crcdisk - ok
15:45:29.0353 1588 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:45:29.0354 1588 DfsC - ok
15:45:29.0383 1588 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:45:29.0384 1588 disk - ok
15:45:29.0407 1588 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:45:29.0408 1588 drmkaud - ok
15:45:29.0501 1588 dump_wmimmc - ok
15:45:29.0558 1588 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:45:29.0563 1588 DXGKrnl - ok
15:45:29.0598 1588 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:45:29.0599 1588 E1G60 - ok
15:45:29.0611 1588 e1yexpress (50f95e488c99ae2b0d9def392acc61fc) C:\Windows\system32\DRIVERS\e1y60x64.sys
15:45:29.0613 1588 e1yexpress - ok
15:45:29.0673 1588 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:45:29.0674 1588 Ecache - ok
15:45:29.0747 1588 eeCtrl (8ecb5d35f400706016931bd25ae1b554) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:45:29.0750 1588 eeCtrl - ok
15:45:29.0799 1588 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:45:29.0802 1588 elxstor - ok
15:45:29.0823 1588 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
15:45:29.0824 1588 ErrDev - ok
15:45:29.0873 1588 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:45:29.0874 1588 exfat - ok
15:45:29.0917 1588 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:45:29.0919 1588 fastfat - ok
15:45:29.0932 1588 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:45:29.0932 1588 fdc - ok
15:45:29.0958 1588 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:45:29.0959 1588 FileInfo - ok
15:45:29.0992 1588 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:45:29.0992 1588 Filetrace - ok
15:45:30.0023 1588 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:45:30.0024 1588 flpydisk - ok
15:45:30.0058 1588 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:45:30.0060 1588 FltMgr - ok
15:45:30.0083 1588 fssfltr (96ac62f059225e543e4ab0fc44db6024) C:\Windows\system32\DRIVERS\fssfltr.sys
15:45:30.0084 1588 fssfltr - ok
15:45:30.0101 1588 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
15:45:30.0101 1588 Fs_Rec - ok
15:45:30.0125 1588 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:45:30.0126 1588 gagp30kx - ok
15:45:30.0146 1588 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:45:30.0147 1588 GEARAspiWDM - ok
15:45:30.0202 1588 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:45:30.0204 1588 HdAudAddService - ok
15:45:30.0226 1588 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:45:30.0232 1588 HDAudBus - ok
15:45:30.0246 1588 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:45:30.0247 1588 HidBth - ok
15:45:30.0261 1588 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:45:30.0262 1588 HidIr - ok
15:45:30.0273 1588 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:45:30.0274 1588 HidUsb - ok
15:45:30.0301 1588 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:45:30.0302 1588 HpCISSs - ok
15:45:30.0343 1588 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:45:30.0347 1588 HTTP - ok
15:45:30.0366 1588 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:45:30.0367 1588 i2omp - ok
15:45:30.0394 1588 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:45:30.0395 1588 i8042prt - ok
15:45:30.0411 1588 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\DRIVERS\iaStor.sys
15:45:30.0414 1588 iaStor - ok
15:45:30.0436 1588 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:45:30.0439 1588 iaStorV - ok
15:45:30.0519 1588 IDSVia64 (9a793a1451b5e2cf54b4a33342cb58cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvia64.sys
15:45:30.0522 1588 IDSVia64 - ok
15:45:30.0544 1588 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:45:30.0545 1588 iirsp - ok
15:45:30.0583 1588 inspect (10f14cc4b14d086afa1cc873d9e1bdf1) C:\Windows\system32\DRIVERS\inspect.sys
15:45:30.0584 1588 inspect - ok
15:45:30.0637 1588 IntcAzAudAddService (fdfc40441fac0f3114a974168125279f) C:\Windows\system32\drivers\RTKVHD64.sys
15:45:30.0648 1588 IntcAzAudAddService - ok
15:45:30.0666 1588 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:45:30.0666 1588 intelide - ok
15:45:30.0692 1588 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:45:30.0692 1588 intelppm - ok
15:45:30.0732 1588 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:45:30.0733 1588 IpFilterDriver - ok
15:45:30.0747 1588 IpInIp - ok
15:45:30.0779 1588 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:45:30.0780 1588 IPMIDRV - ok
15:45:30.0802 1588 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:45:30.0803 1588 IPNAT - ok
15:45:30.0833 1588 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:45:30.0834 1588 IRENUM - ok
15:45:30.0855 1588 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:45:30.0856 1588 isapnp - ok
15:45:30.0874 1588 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:45:30.0876 1588 iScsiPrt - ok
15:45:30.0894 1588 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:45:30.0895 1588 iteatapi - ok
15:45:30.0908 1588 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:45:30.0909 1588 iteraid - ok
15:45:30.0929 1588 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:45:30.0930 1588 kbdclass - ok
15:45:30.0960 1588 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
15:45:30.0960 1588 kbdhid - ok
15:45:30.0994 1588 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
15:45:30.0997 1588 KSecDD - ok
15:45:31.0013 1588 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:45:31.0013 1588 ksthunk - ok
15:45:31.0063 1588 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:45:31.0064 1588 lltdio - ok
15:45:31.0104 1588 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:45:31.0105 1588 LSI_FC - ok
15:45:31.0126 1588 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:45:31.0127 1588 LSI_SAS - ok
15:45:31.0137 1588 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:45:31.0139 1588 LSI_SCSI - ok
15:45:31.0150 1588 LTXMD_VAC (3dcf0bd7e08f0c90c545178d02438b34) C:\Windows\system32\drivers\lmvac.sys
15:45:31.0150 1588 LTXMD_VAC - ok
15:45:31.0162 1588 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:45:31.0163 1588 luafv - ok
15:45:31.0189 1588 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:45:31.0190 1588 megasas - ok
15:45:31.0217 1588 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:45:31.0219 1588 MegaSR - ok
15:45:31.0248 1588 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:45:31.0249 1588 Modem - ok
15:45:31.0272 1588 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:45:31.0273 1588 monitor - ok
15:45:31.0283 1588 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:45:31.0283 1588 mouclass - ok
15:45:31.0295 1588 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:45:31.0295 1588 mouhid - ok
15:45:31.0308 1588 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:45:31.0309 1588 MountMgr - ok
15:45:31.0337 1588 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:45:31.0338 1588 mpio - ok
15:45:31.0355 1588 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:45:31.0356 1588 mpsdrv - ok
15:45:31.0378 1588 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:45:31.0379 1588 Mraid35x - ok
15:45:31.0401 1588 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:45:31.0402 1588 MRxDAV - ok
15:45:31.0421 1588 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:45:31.0423 1588 mrxsmb - ok
15:45:31.0455 1588 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:45:31.0457 1588 mrxsmb10 - ok
15:45:31.0478 1588 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:45:31.0480 1588 mrxsmb20 - ok
15:45:31.0498 1588 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
15:45:31.0499 1588 msahci - ok
15:45:31.0523 1588 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:45:31.0524 1588 msdsm - ok
15:45:31.0580 1588 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:45:31.0581 1588 Msfs - ok
15:45:31.0592 1588 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:45:31.0593 1588 msisadrv - ok
15:45:31.0634 1588 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:45:31.0635 1588 MSKSSRV - ok
15:45:31.0656 1588 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:45:31.0657 1588 MSPCLOCK - ok
15:45:31.0671 1588 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:45:31.0672 1588 MSPQM - ok
15:45:31.0710 1588 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:45:31.0712 1588 MsRPC - ok
15:45:31.0735 1588 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:45:31.0736 1588 mssmbios - ok
15:45:31.0752 1588 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:45:31.0753 1588 MSTEE - ok
15:45:31.0770 1588 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:45:31.0771 1588 Mup - ok
15:45:31.0808 1588 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:45:31.0809 1588 NativeWifiP - ok
15:45:31.0854 1588 NAVENG - ok
15:45:31.0863 1588 NAVEX15 - ok
15:45:31.0896 1588 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:45:31.0900 1588 NDIS - ok
15:45:31.0911 1588 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:45:31.0912 1588 NdisTapi - ok
15:45:31.0958 1588 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:45:31.0959 1588 Ndisuio - ok
15:45:32.0005 1588 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:45:32.0006 1588 NdisWan - ok
15:45:32.0017 1588 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:45:32.0018 1588 NDProxy - ok
15:45:32.0028 1588 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:45:32.0029 1588 NetBIOS - ok
15:45:32.0062 1588 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:45:32.0064 1588 netbt - ok
15:45:32.0101 1588 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:45:32.0102 1588 nfrd960 - ok
15:45:32.0135 1588 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:45:32.0136 1588 Npfs - ok
15:45:32.0148 1588 NPPTNT2 - ok
15:45:32.0163 1588 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:45:32.0164 1588 nsiproxy - ok
15:45:32.0209 1588 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:45:32.0218 1588 Ntfs - ok
15:45:32.0241 1588 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
15:45:32.0242 1588 NTIDrvr - ok
15:45:32.0257 1588 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:45:32.0257 1588 Null - ok
15:45:32.0286 1588 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:45:32.0287 1588 nvraid - ok
15:45:32.0321 1588 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:45:32.0322 1588 nvstor - ok
15:45:32.0336 1588 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:45:32.0338 1588 nv_agp - ok
15:45:32.0347 1588 NwlnkFlt - ok
15:45:32.0359 1588 NwlnkFwd - ok
15:45:32.0398 1588 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:45:32.0399 1588 ohci1394 - ok
15:45:32.0439 1588 OV550I (5f79934084df6dc0635578864376ce54) C:\Windows\system32\Drivers\ov550ivx.sys
15:45:32.0440 1588 OV550I - ok
15:45:32.0477 1588 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:45:32.0478 1588 Parport - ok
15:45:32.0499 1588 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
15:45:32.0500 1588 partmgr - ok
15:45:32.0532 1588 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:45:32.0533 1588 pci - ok
15:45:32.0556 1588 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:45:32.0557 1588 pciide - ok
15:45:32.0579 1588 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:45:32.0581 1588 pcmcia - ok
15:45:32.0615 1588 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys
15:45:32.0617 1588 PCTCore - ok
15:45:32.0659 1588 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:45:32.0664 1588 PEAUTH - ok
15:45:32.0736 1588 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:45:32.0737 1588 PptpMiniport - ok
15:45:32.0761 1588 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:45:32.0762 1588 Processor - ok
15:45:32.0797 1588 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:45:32.0798 1588 PSched - ok
15:45:32.0832 1588 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:45:32.0839 1588 ql2300 - ok
15:45:32.0888 1588 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:45:32.0889 1588 ql40xx - ok
15:45:32.0915 1588 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:45:32.0916 1588 QWAVEdrv - ok
15:45:32.0927 1588 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:45:32.0928 1588 RasAcd - ok
15:45:32.0965 1588 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:45:32.0966 1588 Rasl2tp - ok
15:45:32.0996 1588 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:45:32.0997 1588 RasPppoe - ok
15:45:33.0013 1588 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:45:33.0014 1588 RasSstp - ok
15:45:33.0029 1588 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:45:33.0031 1588 rdbss - ok
15:45:33.0042 1588 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:45:33.0043 1588 RDPCDD - ok
15:45:33.0078 1588 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:45:33.0080 1588 rdpdr - ok
15:45:33.0091 1588 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:45:33.0092 1588 RDPENCDD - ok
15:45:33.0136 1588 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
15:45:33.0138 1588 RDPWD - ok
15:45:33.0188 1588 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:45:33.0189 1588 rspndr - ok
15:45:33.0273 1588 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:45:33.0274 1588 SASDIFSV - ok
15:45:33.0288 1588 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:45:33.0289 1588 SASKUTIL - ok
15:45:33.0307 1588 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:45:33.0308 1588 sbp2port - ok
15:45:33.0362 1588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:45:33.0362 1588 secdrv - ok
15:45:33.0403 1588 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:45:33.0404 1588 Serenum - ok
15:45:33.0423 1588 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:45:33.0424 1588 Serial - ok
15:45:33.0441 1588 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:45:33.0442 1588 sermouse - ok
15:45:33.0474 1588 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:45:33.0475 1588 sffdisk - ok
15:45:33.0491 1588 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:45:33.0492 1588 sffp_mmc - ok
15:45:33.0511 1588 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:45:33.0512 1588 sffp_sd - ok
15:45:33.0530 1588 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:45:33.0531 1588 sfloppy - ok
15:45:33.0563 1588 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:45:33.0564 1588 SiSRaid2 - ok
15:45:33.0578 1588 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:45:33.0580 1588 SiSRaid4 - ok
15:45:33.0648 1588 SmartDefragDriver (b68385fd0cb677a1bb3eab0beb2999b7) C:\Windows\system32\Drivers\SmartDefragDriver.sys
15:45:33.0649 1588 SmartDefragDriver - ok
15:45:33.0684 1588 SMARTMouseFilterx64 (323ddcd15db2a7fed09df1f835cafcfb) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
15:45:33.0684 1588 SMARTMouseFilterx64 - ok
15:45:33.0701 1588 SMARTVHidMiniVistaAmd64 (6c691320c71ca8e8c38f52b2ce652c64) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
15:45:33.0702 1588 SMARTVHidMiniVistaAmd64 - ok
15:45:33.0738 1588 SMARTVTabletPCx64 (20563f6830badd675407af0f5bca76ba) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
15:45:33.0739 1588 SMARTVTabletPCx64 - ok
15:45:33.0776 1588 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:45:33.0777 1588 Smb - ok
15:45:33.0816 1588 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:45:33.0817 1588 spldr - ok
15:45:33.0880 1588 SRTSP (91d64a876db6d09d9fcac0505c13195a) C:\Windows\system32\drivers\NAVx64\1000000.07D\SRTSP64.SYS
15:45:33.0883 1588 SRTSP - ok
15:45:33.0918 1588 SRTSPX (19025dee181e66e345887c2bed0165b5) C:\Windows\system32\drivers\NAVx64\1000000.07D\SRTSPX64.SYS
15:45:33.0919 1588 SRTSPX - ok
15:45:33.0953 1588 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:45:33.0955 1588 srv - ok
15:45:33.0986 1588 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:45:33.0987 1588 srv2 - ok
15:45:34.0015 1588 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:45:34.0016 1588 srvnet - ok
15:45:34.0040 1588 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:45:34.0041 1588 swenum - ok
15:45:34.0082 1588 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:45:34.0083 1588 Symc8xx - ok
15:45:34.0106 1588 SYMDNS (e3f863a3d671b58da3d47444a8d09300) C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMDNS.SYS
15:45:34.0107 1588 SYMDNS - ok
15:45:34.0138 1588 SymEFA (09733fd4d2bb86bfa0987a454b3d8f8c) C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMEFA64.SYS
15:45:34.0140 1588 SymEFA - ok
15:45:34.0167 1588 SymEvent (209d2e4c78026eba547121e73dd82ebe) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:45:34.0168 1588 SymEvent - ok
15:45:34.0182 1588 SYMFW (bcc7820b14690a88487ab7d052769da8) C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMFW.SYS
15:45:34.0183 1588 SYMFW - ok
15:45:34.0195 1588 SymIM (4ec2bef14eb5c6f5c621894f46d057b5) C:\Windows\system32\DRIVERS\SymIMv.sys
15:45:34.0196 1588 SymIM - ok
15:45:34.0209 1588 SYMNDISV (1b66861b19e37bdcb7bd77f514455a8c) C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMNDISV.SYS
15:45:34.0210 1588 SYMNDISV - ok
15:45:34.0223 1588 SYMREDRV (1cd10764236028a13e0c4b4c37c02ee0) C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMREDRV.SYS
15:45:34.0224 1588 SYMREDRV - ok
15:45:34.0245 1588 SYMTDI (7370a041bc2bac762098c9e985193ea4) C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMTDI.SYS
15:45:34.0247 1588 SYMTDI - ok
15:45:34.0270 1588 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:45:34.0271 1588 Sym_hi - ok
15:45:34.0299 1588 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:45:34.0300 1588 Sym_u3 - ok
15:45:34.0342 1588 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys
15:45:34.0343 1588 tbhsd - ok
15:45:34.0399 1588 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys
15:45:34.0406 1588 Tcpip - ok
15:45:34.0449 1588 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys
15:45:34.0456 1588 Tcpip6 - ok
15:45:34.0481 1588 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys
15:45:34.0482 1588 tcpipreg - ok
15:45:34.0519 1588 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:45:34.0520 1588 TDPIPE - ok
15:45:34.0540 1588 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:45:34.0541 1588 TDTCP - ok
15:45:34.0574 1588 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:45:34.0575 1588 tdx - ok
15:45:34.0593 1588 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:45:34.0594 1588 TermDD - ok
15:45:34.0638 1588 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
15:45:34.0639 1588 TIEHDUSB - ok
15:45:34.0688 1588 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:45:34.0689 1588 tssecsrv - ok
15:45:34.0700 1588 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:45:34.0701 1588 tunmp - ok
15:45:34.0719 1588 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:45:34.0720 1588 tunnel - ok
15:45:34.0739 1588 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:45:34.0740 1588 uagp35 - ok
15:45:34.0775 1588 UBHelper (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
15:45:34.0776 1588 UBHelper - ok
15:45:34.0810 1588 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:45:34.0813 1588 udfs - ok
15:45:34.0864 1588 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:45:34.0865 1588 uliagpkx - ok
15:45:34.0885 1588 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:45:34.0887 1588 uliahci - ok
15:45:34.0906 1588 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:45:34.0908 1588 UlSata - ok
15:45:34.0929 1588 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:45:34.0930 1588 ulsata2 - ok
15:45:34.0961 1588 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:45:34.0962 1588 umbus - ok
15:45:35.0000 1588 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:45:35.0001 1588 USBAAPL64 - ok
15:45:35.0016 1588 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:45:35.0017 1588 usbccgp - ok
15:45:35.0050 1588 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:45:35.0051 1588 usbcir - ok
15:45:35.0071 1588 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:45:35.0073 1588 usbehci - ok
15:45:35.0087 1588 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:45:35.0089 1588 usbhub - ok
15:45:35.0119 1588 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:45:35.0120 1588 usbohci - ok
15:45:35.0148 1588 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:45:35.0149 1588 usbprint - ok
15:45:35.0187 1588 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:45:35.0188 1588 usbscan - ok
15:45:35.0214 1588 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:45:35.0216 1588 USBSTOR - ok
15:45:35.0228 1588 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:45:35.0229 1588 usbuhci - ok
15:45:35.0263 1588 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:45:35.0264 1588 vga - ok
15:45:35.0276 1588 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:45:35.0277 1588 VgaSave - ok
15:45:35.0299 1588 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:45:35.0300 1588 viaide - ok
15:45:35.0324 1588 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:45:35.0325 1588 volmgr - ok
15:45:35.0351 1588 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:45:35.0354 1588 volmgrx - ok
15:45:35.0387 1588 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:45:35.0389 1588 volsnap - ok
15:45:35.0415 1588 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:45:35.0416 1588 vsmraid - ok
15:45:35.0459 1588 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:45:35.0460 1588 WacomPen - ok
15:45:35.0488 1588 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:45:35.0489 1588 Wanarp - ok
15:45:35.0497 1588 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:45:35.0498 1588 Wanarpv6 - ok
15:45:35.0527 1588 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:45:35.0528 1588 Wd - ok
15:45:35.0557 1588 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:45:35.0563 1588 Wdf01000 - ok
15:45:35.0688 1588 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:45:35.0689 1588 WmiAcpi - ok
15:45:35.0764 1588 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:45:35.0765 1588 WpdUsb - ok
15:45:35.0785 1588 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:45:35.0786 1588 ws2ifsl - ok
15:45:35.0817 1588 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
15:45:35.0818 1588 WsAudio_DeviceS(1) - ok
15:45:35.0837 1588 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
15:45:35.0838 1588 WsAudio_DeviceS(2) - ok
15:45:35.0858 1588 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
15:45:35.0859 1588 WsAudio_DeviceS(3) - ok
15:45:35.0886 1588 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
15:45:35.0886 1588 WsAudio_DeviceS(4) - ok
15:45:35.0912 1588 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
15:45:35.0913 1588 WsAudio_DeviceS(5) - ok
15:45:35.0971 1588 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:45:35.0972 1588 WUDFRd - ok
15:45:36.0003 1588 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:45:36.0013 1588 \Device\Harddisk0\DR0 - ok
15:45:36.0016 1588 Boot (0x1200) (cb22093a8f1bb3135cce7ab8c94526d0) \Device\Harddisk0\DR0\Partition0
15:45:36.0017 1588 \Device\Harddisk0\DR0\Partition0 - ok
15:45:36.0034 1588 Boot (0x1200) (97d7c487bef6b0d1dd199add074dcda7) \Device\Harddisk0\DR0\Partition1
15:45:36.0035 1588 \Device\Harddisk0\DR0\Partition1 - ok
15:45:36.0036 1588 ============================================================
15:45:36.0036 1588 Scan finished
15:45:36.0036 1588 ============================================================
15:45:36.0046 3972 Detected object count: 0
15:45:36.0046 3972 Actual detected object count: 0
15:45:47.0632 3576 Deinitialize success

Here are the OTL reports:


OTL logfile created on: 16/10/2011 3:35:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nemanja\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 70.63% Memory free
8.15 Gb Paging File | 5.38 Gb Available in Paging File | 65.99% Paging File free
Paging file location(s): C:\pagefile.sys 288 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341.97 Gb Total Space | 248.29 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
Drive D: | 342.01 Gb Total Space | 334.66 Gb Free Space | 97.85% Space Free | Partition Type: NTFS
Drive E: | 2.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NEMANJA-PC | User Name: Nemanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 15:33:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nemanja\Desktop\OTL.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/09/24 19:59:45 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Nemanja\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/05/25 14:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/03/20 20:20:59 | 000,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/12/24 17:34:10 | 000,058,664 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
PRC - [2008/12/18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008/12/04 11:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 11:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/02 21:18:36 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 02:37:54 | 000,420,920 | ---- | M] () -- C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\ppgooglenaclpluginchrome.dll
MOD - [2011/10/12 02:37:52 | 003,702,840 | ---- | M] () -- C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\pdf.dll
MOD - [2011/10/12 02:36:16 | 000,142,568 | ---- | M] () -- C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\avutil-51.dll
MOD - [2011/10/12 02:36:15 | 000,249,080 | ---- | M] () -- C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\avformat-53.dll
MOD - [2011/10/12 02:36:14 | 001,829,944 | ---- | M] () -- C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\avcodec-53.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/06/30 09:37:30 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/05/25 21:43:26 | 000,161,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2011/02/04 19:08:37 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/10/27 03:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/20 20:20:59 | 000,115,560 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/06 10:13:00 | 003,478,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/24 17:34:12 | 000,288,120 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (CyberLink Media Server Service)
SRV - [2008/12/24 17:34:10 | 000,058,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe -- (CyberLink Media Server Monitor Service)
SRV - [2008/12/18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/12/04 11:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/13 05:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/30 09:37:58 | 000,016,016 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/10 14:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/11/26 19:02:28 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/10/27 05:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/27 05:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 03:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/09 05:36:42 | 000,048,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/15 16:25:24 | 000,015,784 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2010/06/15 16:25:08 | 000,012,584 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2010/06/15 16:25:06 | 000,018,432 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2010/03/20 20:21:07 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/03/20 20:20:59 | 000,474,672 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/03/20 20:20:59 | 000,428,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2010/03/20 20:20:59 | 000,402,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/03/20 20:20:59 | 000,283,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2010/03/20 20:20:59 | 000,138,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2010/03/20 20:20:59 | 000,046,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2010/03/20 20:20:59 | 000,033,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV:64bit: - [2010/03/20 20:20:59 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2010/03/20 20:20:59 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2010/03/20 20:20:59 | 000,016,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV:64bit: - [2009/12/10 16:45:26 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2009/12/04 12:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2009/12/04 12:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2009/12/04 12:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2009/12/04 12:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2009/12/04 12:33:50 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/05/21 16:24:28 | 000,030,736 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/03 22:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/07/16 02:39:06 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/02/22 00:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ov550ivx.sys -- (OV550I)
DRV:64bit: - [2008/01/30 03:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008/01/30 03:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2006/11/10 07:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV - [2010/03/20 13:03:32 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/03/05 18:55:08 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/02/10 10:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 10:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\AVFilter.sys -- (AVFilter)
DRV - [2005/01/01 03:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:6.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\Nemanja\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nemanja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nemanja\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nemanja\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nemanja\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/25 12:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/02/19 17:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Extensions
[2011/08/13 11:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions
[2010/09/29 17:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/25 18:03:01 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/13 11:54:30 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/10/22 21:24:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/16 19:44:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\firefox@tvunetworks.com
[2011/03/13 18:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/07 17:26:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/29 20:24:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nemanja\AppData\Local\Google\Chrome\Application\15.0.874.92\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Nemanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nemanja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nemanja\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\Nemanja\AppData\LocalLow\POWERC~1\nppowerloader.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Extension = C:\Users\Nemanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\
CHR - Extension: Srbija - Serbia = C:\Users\Nemanja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokaekccaopodkibmlkmfoikhfppgbbb\1.3_0\

O1 HOSTS File: ([2011/09/24 13:17:46 | 000,437,632 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15054 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Nemanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{351EDCB4-4957-4C6C-8C37-DBF8C82A0B48}: NameServer = 156.154.70.22,156.154.71.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nemanja\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nemanja\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/04 18:54:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/08/13 18:30:58 | 000,402,696 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/09/01 16:48:52 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007/09/01 16:49:28 | 002,285,056 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2007/09/01 16:43:02 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1d3c505b-b595-11de-84ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d3c505b-b595-11de-84ee-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/08/13 18:30:58 | 000,402,696 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/16 15:34:08 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\Desktop\tdsskiller1
[2011/10/16 15:33:44 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\Desktop\tdsskiller
[2011/10/16 15:33:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nemanja\Desktop\OTL.exe
[2011/10/13 20:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 20:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 20:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/13 19:17:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 19:17:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 19:17:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 19:17:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 19:16:59 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 19:16:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 19:16:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 19:16:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/13 19:16:57 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/12 21:58:04 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 21:58:04 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011/10/12 21:58:04 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011/10/12 21:58:04 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/12 21:58:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011/10/12 21:58:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011/10/12 21:57:59 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 21:57:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 21:57:58 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 21:57:58 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 21:57:58 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/12 21:57:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/12 21:57:58 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/12 21:57:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/10 12:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/10 12:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/10 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{1AB2B725-8A45-490C-8DF6-125BB17EAABE}
[2011/10/10 12:39:16 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{3235D1E7-0140-4DD8-9DE4-B9301FFE0993}
[2011/09/25 13:47:17 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{7B4B54C2-5F4A-48B2-8DBC-B082E653D6C2}
[2011/09/25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{94A67DD0-2A0F-4CCE-828F-FC3938DC897E}
[2011/09/25 13:41:17 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{108B380C-0833-4704-BF99-A6C550650811}
[2011/09/25 13:41:07 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{AF04AEDB-1091-4215-80FF-18E1BB4073E2}
[2011/09/25 13:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{6A16C3DF-D594-4FED-9589-4412D0897C2D}
[2011/09/25 13:35:17 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{A499D21C-23AF-40F7-B88F-BCCD340FCF3F}
[2011/09/25 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{583BC7EA-1EF1-4E09-8352-CEA7D1B47C5E}
[2011/09/25 12:51:48 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{09A917B2-E8A6-4DCD-B4EE-CB7F689C75F7}
[2011/09/25 12:43:09 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{CB6CBE05-FAA9-430C-8418-676BEED3FA53}
[2011/09/25 12:42:58 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{B4574739-43D3-4286-8919-62A9DD78EBCA}
[2011/09/24 18:02:07 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\Desktop\123
[2011/09/24 17:33:14 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{9706B1D2-C204-4049-ADE1-F83690CAB83A}
[2011/09/24 17:33:02 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{E95F1D78-EC2D-42DB-B2AC-FDA25F356558}
[2011/09/24 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/24 14:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/24 13:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/24 13:13:22 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{3D616F31-FC75-4A00-A59F-E52E18FCDCFB}
[2011/09/24 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\Nemanja\AppData\Local\{578A7987-7077-4338-B17F-D3977224B69E}
[2011/09/17 21:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2009/03/27 13:53:10 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007/10/14 19:35:00 | 000,040,960 | ---- | C] ( ) -- C:\Windows\OMNIUNS.EXE
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Nemanja\AppData\Local\*.tmp files -> C:\Users\Nemanja\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/16 15:38:58 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/10/16 15:33:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nemanja\Desktop\OTL.exe
[2011/10/16 15:33:19 | 001,541,014 | ---- | M] () -- C:\Users\Nemanja\Desktop\tdsskiller.zip
[2011/10/16 15:29:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 15:29:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 15:04:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1344220802-3597430497-1352206752-1000UA.job
[2011/10/16 14:59:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/16 12:44:33 | 000,010,702 | ---- | M] () -- C:\Users\Nemanja\AppData\Roaming\wklnhst.dat
[2011/10/16 12:30:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\RegistryConvoy.job
[2011/10/16 11:36:19 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/16 11:36:19 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/16 11:36:19 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/16 11:29:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/16 11:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 21:58:01 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2011/10/14 20:04:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1344220802-3597430497-1352206752-1000Core.job
[2011/10/13 20:43:51 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/13 19:47:08 | 000,333,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/13 19:18:55 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/10 14:06:37 | 000,000,000 | ---- | M] () -- C:\Users\Nemanja\defogger_reenable
[2011/10/10 12:55:05 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/10 11:42:36 | 000,008,704 | ---- | M] () -- C:\Users\Nemanja\Desktop\UploadResume.wps
[2011/10/05 22:51:43 | 000,019,968 | ---- | M] () -- C:\Users\Nemanja\Desktop\SickSocialEssay.wps
[2011/10/02 20:12:44 | 010,743,808 | ---- | M] () -- C:\Users\Nemanja\Desktop\forest placemat pics.wps
[2011/09/26 22:35:34 | 003,803,290 | ---- | M] () -- C:\Users\Nemanja\Desktop\Skrillex - Reptile.mp3
[2011/09/26 22:34:52 | 009,748,396 | ---- | M] () -- C:\Users\Nemanja\Desktop\Skrillex - Scary Monsters and Nice Sprites - Original Mix.mp3
[2011/09/26 22:33:22 | 010,808,792 | ---- | M] () -- C:\Users\Nemanja\Desktop\Deadmau5 & MC Flipside - Hi Friend! (Vocal Mix).mp3
[2011/09/26 22:32:00 | 013,522,132 | ---- | M] () -- C:\Users\Nemanja\Desktop\Deadmau5 - Slip.mp3
[2011/09/26 22:27:57 | 013,851,625 | ---- | M] () -- C:\Users\Nemanja\Desktop\Flux Pavilion - Night Goes on.mp3
[2011/09/26 22:25:14 | 006,471,493 | ---- | M] () -- C:\Users\Nemanja\Desktop\Bassnectar - Bass Head.mp3
[2011/09/26 22:22:42 | 005,940,045 | ---- | M] () -- C:\Users\Nemanja\Desktop\Mt Eden Dubstep - Escape.mp3
[2011/09/26 22:17:56 | 000,001,161 | ---- | M] () -- C:\Users\Nemanja\Desktop\06 Word Problems.mp3
[2011/09/25 22:10:39 | 005,090,589 | ---- | M] () -- C:\Users\Nemanja\Desktop\Mt Eden Dubstep - Sierra Leone.mp3
[2011/09/25 22:10:21 | 003,514,118 | ---- | M] () -- C:\Users\Nemanja\Desktop\Deadmau5 - Ghosts N' Stuff.mp3
[2011/09/25 22:00:45 | 002,653,480 | ---- | M] () -- C:\Users\Nemanja\Desktop\Flux Pavilion - I Can't Stop.mp3
[2011/09/25 21:59:01 | 012,828,990 | ---- | M] () -- C:\Users\Nemanja\Desktop\Dj Fresh - Gold Dust (Flux Pavillion Remix).mp3
[2011/09/24 13:17:46 | 000,437,632 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/17 21:28:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/09/17 21:20:20 | 000,001,495 | ---- | M] () -- C:\Windows\SysNative\.ini
[2011/09/17 17:38:45 | 008,254,332 | ---- | M] () -- C:\Users\Nemanja\Desktop\Don Omar Ft. Lucenzo - Danza Kuduro (feat Lucenzo).mp3
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Nemanja\AppData\Local\*.tmp files -> C:\Users\Nemanja\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/16 15:33:02 | 001,541,014 | ---- | C] () -- C:\Users\Nemanja\Desktop\tdsskiller.zip
[2011/10/13 20:43:51 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/13 19:18:55 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/10 14:06:37 | 000,000,000 | ---- | C] () -- C:\Users\Nemanja\defogger_reenable
[2011/10/10 12:55:05 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/05 19:52:17 | 000,019,968 | ---- | C] () -- C:\Users\Nemanja\Desktop\SickSocialEssay.wps
[2011/10/02 19:31:23 | 010,743,808 | ---- | C] () -- C:\Users\Nemanja\Desktop\forest placemat pics.wps
[2011/09/28 22:42:52 | 000,008,704 | ---- | C] () -- C:\Users\Nemanja\Desktop\UploadResume.wps
[2011/09/26 22:35:26 | 003,803,290 | ---- | C] () -- C:\Users\Nemanja\Desktop\Skrillex - Reptile.mp3
[2011/09/26 22:34:26 | 009,748,396 | ---- | C] () -- C:\Users\Nemanja\Desktop\Skrillex - Scary Monsters and Nice Sprites - Original Mix.mp3
[2011/09/26 22:32:49 | 010,808,792 | ---- | C] () -- C:\Users\Nemanja\Desktop\Deadmau5 & MC Flipside - Hi Friend! (Vocal Mix).mp3
[2011/09/26 22:31:14 | 013,522,132 | ---- | C] () -- C:\Users\Nemanja\Desktop\Deadmau5 - Slip.mp3
[2011/09/26 22:26:54 | 013,851,625 | ---- | C] () -- C:\Users\Nemanja\Desktop\Flux Pavilion - Night Goes on.mp3
[2011/09/26 22:24:44 | 006,471,493 | ---- | C] () -- C:\Users\Nemanja\Desktop\Bassnectar - Bass Head.mp3
[2011/09/26 22:22:07 | 005,940,045 | ---- | C] () -- C:\Users\Nemanja\Desktop\Mt Eden Dubstep - Escape.mp3
[2011/09/26 22:18:01 | 000,001,161 | ---- | C] () -- C:\Users\Nemanja\Desktop\06 Word Problems.mp3
[2011/09/25 22:00:47 | 002,653,480 | ---- | C] () -- C:\Users\Nemanja\Desktop\Flux Pavilion - I Can't Stop.mp3
[2011/09/25 21:58:05 | 012,828,990 | ---- | C] () -- C:\Users\Nemanja\Desktop\Dj Fresh - Gold Dust (Flux Pavillion Remix).mp3
[2011/09/25 21:57:10 | 003,514,118 | ---- | C] () -- C:\Users\Nemanja\Desktop\Deadmau5 - Ghosts N' Stuff.mp3
[2011/09/24 20:16:12 | 005,090,589 | ---- | C] () -- C:\Users\Nemanja\Desktop\Mt Eden Dubstep - Sierra Leone.mp3
[2011/09/17 21:28:51 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2011/09/17 21:20:20 | 000,001,495 | ---- | C] () -- C:\Windows\SysNative\.ini
[2011/09/17 17:38:16 | 008,254,332 | ---- | C] () -- C:\Users\Nemanja\Desktop\Don Omar Ft. Lucenzo - Danza Kuduro (feat Lucenzo).mp3
[2011/09/05 14:00:08 | 000,000,010 | ---- | C] () -- C:\Users\Nemanja\AppData\Roaming\RSBuddy Login.ini
[2011/08/23 13:51:19 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/07/12 12:20:41 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/27 22:34:39 | 000,000,000 | ---- | C] () -- C:\Users\Nemanja\AppData\Local\{3642BEC4-A5B9-49A7-A41E-915B2EA3F5AF}
[2011/03/24 14:44:57 | 000,000,334 | ---- | C] () -- C:\Users\Nemanja\AppData\Roaming\RSBuddy_white full.ini
[2011/03/12 14:16:04 | 000,712,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/17 13:54:38 | 000,000,151 | ---- | C] () -- C:\Users\Nemanja\AppData\Roaming\RSBot_Accounts.ini
[2010/09/17 19:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/26 20:46:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/15 09:02:32 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport(7341).dll
[2010/02/19 17:23:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/09 19:22:10 | 000,010,702 | ---- | C] () -- C:\Users\Nemanja\AppData\Roaming\wklnhst.dat
[2010/02/02 19:17:15 | 000,000,000 | ---- | C] () -- C:\Windows\Mavis Beacon Teaches Typing.INI
[2010/01/18 20:38:34 | 000,000,680 | ---- | C] () -- C:\Users\Nemanja\AppData\Local\d3d9caps.dat
[2009/12/21 17:11:34 | 000,002,879 | ---- | C] () -- C:\Windows\Virtuosa.INI
[2009/12/21 17:01:21 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\tvqenc.dll
[2009/12/21 17:01:21 | 000,573,440 | ---- | C] () -- C:\Windows\SysWow64\tvqdec.dll
[2009/12/21 17:01:21 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2009/12/17 22:38:31 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/12/03 09:17:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 09:16:51 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/03 09:16:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/22 07:57:00 | 000,045,056 | ---- | C] () -- C:\Users\Nemanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/16 19:29:38 | 000,000,164 | ---- | C] () -- C:\Users\Nemanja\AppData\Roaming\RSBot Accounts.ini
[2009/10/10 10:39:04 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009/10/10 10:39:04 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2009/10/10 06:09:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/27 13:51:53 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009/03/27 10:27:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 793 bytes -> C:\Users\Nemanja\First Aid Receipts.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Nemanja\Desktop\capture-1.avi:TOC.WMV
@Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B174FAE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7E95B6FD
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:F3176E45
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2B11E0DF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DAFD38AE

< End of report >


OTL Extras logfile created on: 16/10/2011 3:35:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nemanja\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 70.63% Memory free
8.15 Gb Paging File | 5.38 Gb Available in Paging File | 65.99% Paging File free
Paging file location(s): C:\pagefile.sys 288 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341.97 Gb Total Space | 248.29 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
Drive D: | 342.01 Gb Total Space | 334.66 Gb Free Space | 97.85% Space Free | Partition Type: NTFS
Drive E: | 2.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: NEMANJA-PC | User Name: Nemanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 18 53 95 7C DF AF CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AB2C74-C1B1-4B08-B60E-11CE0950A4B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{1CA4FB81-E5F0-46F4-AB14-EBEAAF13B536}" = lport=2869 | protocol=6 | dir=in | app=system |
"{26C071CB-024C-480D-9861-78DDE70F9F10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2A89EB75-C505-462D-817E-8B6AA5296004}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D427C85-A4E2-4B15-83B8-70AAFE091576}" = lport=138 | protocol=17 | dir=in | app=system |
"{32D2D9F5-973F-445F-AACA-BB513578E33E}" = lport=445 | protocol=6 | dir=in | app=system |
"{356602CC-B611-4BF4-B201-E21102023DEA}" = lport=443 | protocol=6 | dir=in | name=https |
"{3CF3E7DC-B2C2-456B-BD80-559C53FFE7AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{49DE8E2A-163E-4695-84DA-E52A9CA392C3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{548CE7A7-7EC2-4FF7-98BA-6703E45635CA}" = lport=49799 | protocol=6 | dir=in | name=akamai netsession interface |
"{551B43C5-B7D4-4281-BA9D-C6A53EAA92C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{558CD7DD-B2A7-4AD6-9E7C-FF9CF11455DE}" = lport=80 | protocol=6 | dir=in | name=http |
"{5843A29D-2859-42B2-B714-576793A197FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E1437CD-623B-4355-86BF-2BE04D54CC1A}" = lport=9570 | protocol=17 | dir=in | name=news ticker |
"{71B78498-3CEE-49DD-9B6E-B7370F15FB0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{782C4643-08D5-41BB-A265-6EDCD0419F0A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7EED0330-ADED-4EA2-856E-AE9FA84A790F}" = rport=137 | protocol=17 | dir=out | app=system |
"{83D420C0-1BE5-4271-B085-8E06961AB177}" = lport=137 | protocol=17 | dir=in | app=system |
"{9CF356A0-8210-4C29-B9D2-DB2CF8E2C6BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE32BA63-B7AF-47DA-8429-8013B9EA0F08}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AF3A6D48-6FAA-4048-8579-323DA2A2285D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC0CCF57-ED8B-474B-BB1B-491146EA432D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C83D783B-F8EE-441C-87EB-907B8A5F5DBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C9142EAC-76A8-4BD6-A7F5-356605588F2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB3C5184-FD89-4896-BEAC-13F316CC0527}" = lport=3658 | protocol=17 | dir=in | name=game packets |
"{DD7F165F-8909-4E98-8AE5-7DC62DE90B76}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DE5A3F24-3CC9-4EE3-A5CC-EBF2E7CC1DCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E74C6D74-AF5A-4ED6-943E-B66FF99C642A}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017DD34F-0977-4B61-ADF1-8883B367B651}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{07D77142-F4B4-4A29-BA82-4E5638A03745}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B624CED-FB0F-4D47-A598-FE525C82D559}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1C7B6B86-7062-4031-886F-B55FACEC2AF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{208EEF34-29DF-4AB7-A634-6D6C95A4FDC7}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2E5C25A7-048F-42A5-835E-37EB5D2CA4E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{32F17B5F-E957-4B12-BA66-451D9184AF0D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{34B7C6A0-5F69-4734-9FFF-9A2001C6AA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\ucgui.exe |
"{36871D93-DFFD-4779-A079-5A0479F11D6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{371B191B-CA79-407B-B42D-CBF0E7C1F517}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{39312617-39D3-4BFB-824A-BE2DC18C2A49}" = protocol=6 | dir=in | app=c:\users\nemanja\appdata\roaming\dropbox\bin\dropbox.exe |
"{39882675-3A87-4ECF-89FF-05E3C041DF30}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\ucservice.exe |
"{41E555CF-B8BC-4513-9138-24A0FF0C7B03}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{49782EB6-999E-45B6-9A3E-8930C77AEF83}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4D9845D9-D7D7-4A64-8F25-0F650F7E2401}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{502486BD-B329-4FD3-AB69-EC02B2971E1C}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{50E678FE-2A7C-448A-BF3A-1D7C7552C680}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5811D801-FB65-4D20-B550-EF39A259FC88}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5E637900-0D19-479A-A7D1-5102D59B6CA5}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5E890C85-9217-4E6D-976F-81599B7C79BE}" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{6170711C-8A46-434F-BF60-BCECE10FE889}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\smartsnmpagent.exe |
"{62241F7D-8A16-4E1A-B0C8-C7416283B563}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\anotherday.exe |
"{64405498-73D1-4F20-9E50-12C9ADD82009}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6755C1F3-B300-4304-BBF0-D9B4F973F4A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6AFF6FDE-0711-4A5E-AC23-A37AA65C0609}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{6BF4F5F6-F8EA-4487-A21F-5124D54ECC55}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer homemedia connect\homemedia connect.exe |
"{77488EA9-206A-4765-8CCB-3902BEC606CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{788CEB83-32C2-444E-B583-3D6BDC56C66B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{79E865DC-7E7F-4D52-BCD4-056DEC876E94}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\ucservice.exe |
"{7AACDF06-C0C7-4B55-A01B-6DE02612D87A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7ADD215E-E0AC-4A58-A864-918903B8F32B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85820E2C-4F66-4235-8812-7F491620A6B9}" = protocol=6 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{89BEA57C-153C-472E-B802-02A096867C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90D8BB12-BA1E-4F56-81C3-08D1BEA47917}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{934FC111-2B30-498E-8C1D-869E992710E3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9379B7B0-C582-4AEA-8782-52404FA31FA6}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{98284C7F-E869-47B0-B8CC-14E983829C6E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{9BD93F1A-C075-4688-B377-038E642250DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9FE7A9DB-DFE0-4C4E-9429-F2C47BF028BD}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\smartsnmpagent.exe |
"{A4D91F76-2647-4815-A05C-A9DAAFD898B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A96E1757-4A45-44F2-BB53-0A660C525007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A9D4B548-3AEF-4D5B-82E3-99D9E4AE57B1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer homemedia connect\kernel\dms\clmsservice.exe |
"{B149460D-CBDF-4C38-B5AB-E0E63592C080}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CA2702AB-CF2E-44BC-B8A9-D50F39A5AAB6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDFD1112-DC34-44C8-ADFF-BE6A45BDE787}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0D37F36-392B-4AE9-B880-5DF6037E9135}" = protocol=17 | dir=in | app=c:\ijji\english\genesisad\gameconsole.bin |
"{D55C0113-603A-4011-A639-EFFD79D846E9}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\ucgui.exe |
"{D5E83E4C-4B58-4C3C-987F-2CC4696C9AD8}" = protocol=17 | dir=in | app=c:\users\nemanja\appdata\roaming\dropbox\bin\dropbox.exe |
"{D65A70F4-4295-40B7-86E6-4E280D8DC4B6}" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe |
"{DF745D93-444A-40FF-8241-F7ADD524773E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DFAAA7EF-DF5A-4390-AE7E-02A0FFC83652}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer homemedia connect\kernel\dms\clmsserver.exe |
"{DFDDFE2E-7024-4DC4-AC80-978A20D0FE5A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E9F851A7-4098-4BC3-8B48-DC75A382B3AC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{ED12F2A0-A124-48C4-B723-8B7F819DDF46}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{F5018540-85D8-466E-9370-C408C6A9BA10}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"TCP Query User{05990B87-618D-4FCA-AD51-8B8E096E88FE}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{30292987-71B1-4724-86DE-2D523E4C6843}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{3AF376DC-E3FB-45F9-8BF9-7BE1B23B8E47}C:\users\nemanja\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\nemanja\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{4235A406-57FE-4037-BF03-6AD1B630357D}C:\program files (x86)\freephoneline\freephoneline.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freephoneline\freephoneline.exe |
"TCP Query User{43E0E844-0F21-41EE-9738-BF43A863545C}C:\program files (x86)\ea sports\fifa 08\fifa08.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 08\fifa08.exe |
"TCP Query User{4D5FE01B-CC6E-48B9-AC6C-CB08066FE86C}C:\program files (x86)\java\jdk1.6.0_18\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_18\bin\java.exe |
"TCP Query User{72707A32-AD21-49C8-85E3-DD0E6F624C59}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{9C4DFB41-4276-4B98-A2E0-171F02C3CB8F}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{A4247940-556A-4790-B730-E969336A48F0}C:\users\nemanja\documents\rsandg\rsps\new\cyclicserver - copy\client.exe" = protocol=6 | dir=in | app=c:\users\nemanja\documents\rsandg\rsps\new\cyclicserver - copy\client.exe |
"TCP Query User{CE6B08BF-CA30-46B7-BED5-B45EBFA05B1B}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"TCP Query User{DB70747F-1A4F-46A7-8399-71A6C7AB1494}C:\ijji\english\u_sf\soldierfront.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"TCP Query User{DDBD282E-D544-40A0-B079-36302BEA3EF5}C:\users\nemanja\desktop\inis\vbaserver.exe" = protocol=6 | dir=in | app=c:\users\nemanja\desktop\inis\vbaserver.exe |
"TCP Query User{E33903B9-CE30-40CC-A12A-489882846E7C}C:\program files\java\jdk1.6.0_16\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\java.exe |
"TCP Query User{E365BC66-AAC4-4454-AAE9-3FA52ECAA7F8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{EDB69413-9E68-4FB9-A1C4-9384B9D224B2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{EFE9FA39-48A8-4577-B56F-DD7CA8235C7E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{F05E839B-6EDA-4153-910E-D84D8471E502}C:\program files (x86)\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\smartsnmpagent.exe |
"TCP Query User{F3EF88F0-FFE2-44D2-A87A-610B32C7F6D2}C:\users\nemanja\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\nemanja\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{FE349E93-D503-4DF8-833C-202227C2E48A}C:\program files (x86)\java\jdk1.6.0_18\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_18\bin\java.exe |
"UDP Query User{096F3B56-6412-4D54-B5C6-5E970063AFEA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2AA11B27-3AC5-4832-B13B-FE99881CFF09}C:\program files (x86)\ijji\ijji reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe |
"UDP Query User{32D15037-EC72-40AC-81EA-166D3D84FE7C}C:\ijji\english\u_sf\soldierfront.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_sf\soldierfront.exe |
"UDP Query User{45159386-4FBB-405D-A447-36C7CFE3F7BF}C:\program files\java\jdk1.6.0_16\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\java.exe |
"UDP Query User{467E0C24-DAED-44A9-8575-E9BE6BDC7E2E}C:\program files (x86)\java\jdk1.6.0_18\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_18\bin\java.exe |
"UDP Query User{5D8C4D82-EE3F-47B1-B792-8D1B8B53E770}C:\users\nemanja\documents\rsandg\rsps\new\cyclicserver - copy\client.exe" = protocol=17 | dir=in | app=c:\users\nemanja\documents\rsandg\rsps\new\cyclicserver - copy\client.exe |
"UDP Query User{6B1100B7-06E2-4429-84E6-9077F6337D60}C:\users\nemanja\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\nemanja\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{6F53F99B-C85E-4F11-8E04-9BDD8EAB4D59}C:\program files (x86)\ea sports\fifa 08\fifa08.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 08\fifa08.exe |
"UDP Query User{820AB590-2523-43D1-9CA7-1F72526E3600}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{A5291309-9021-4085-84C3-3687A8E58C4D}C:\program files (x86)\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\smart product drivers\smartsnmpagent.exe |
"UDP Query User{AA06E483-A432-4778-A7F0-58233DBCF195}C:\program files (x86)\java\jdk1.6.0_18\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.6.0_18\bin\java.exe |
"UDP Query User{B1E39FA9-7EC1-40E4-97F6-7F86014CFEFD}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{BB824174-B0CF-48D7-8BF9-AC5130D8D573}C:\users\nemanja\desktop\inis\vbaserver.exe" = protocol=17 | dir=in | app=c:\users\nemanja\desktop\inis\vbaserver.exe |
"UDP Query User{BE895A0E-9846-48EC-9790-1FF90A657B5D}C:\users\nemanja\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\nemanja\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{DDE14EC8-CF7D-416E-ABD3-E6D3911D1873}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{E425587B-A59D-4EF8-A2C0-AA99692F29F6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{EC8770DC-E492-4837-9CC9-91D3AD86BF8B}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{FB560198-73DA-4EE1-8FB2-C3339A6B821D}C:\program files (x86)\freephoneline\freephoneline.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freephoneline\freephoneline.exe |
"UDP Query User{FC192581-FC27-4D14-8E94-2FF449708175}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{2A8EEE2F-4A9E-43D8-AA07-EC8A316B2DEB}" = Autodesk Revit Architecture 2010 x64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java™ SE Development Kit 6 Update 16 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{897BE4A7-682B-7375-BBAF-05A44FC2B524}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{914C25C6-603C-16C9-BE33-8A09E5632350}" = ccc-utility64
"{936596DB-39C5-49D7-AD0C-9BB1BE1AF72C}" = TortoiseSVN 1.6.13.20954 (64 bit)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"Autodesk Revit Architecture 2010 x64" = Autodesk Revit Architecture 2010 x64
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12444FB2-997D-7BB2-0CEB-453E31307929}" = ccc-core-static
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A6D6B28-888F-4512-910E-89FB2E189FEA}" = Vizzed Retro Game Room
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 1.0.21
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{333B0B76-FC96-4C51-9AF6-B6EFA15ACE99}" = SMART Product Drivers
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F62782D-2798-4540-B493-F6472197900E}" = Microsoft Search Enhancement Pack
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51399947-35EF-10B8-FC7F-0D435C701A2D}" = Catalyst Control Center InstallProxy
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{707790EF-9E51-1548-F90C-57B38065F38C}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{739941B6-3C0F-290A-0B76-08C7CEA6F0F3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{782DDB70-3DF4-4366-00BF-E3767BCD173B}" = FIFA 2004
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B5999EE-F2DD-4677-675D-51F11C6F6181}" = Catalyst Control Center Graphics Previews Common
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE096DBF-8878-6943-3858-7EE9D54D70B7}" = CCC Help English
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEB3AD23-250E-4BD2-BBC9-27D4BB42DE07}" = COMODO System - Cleaner
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D312F154-8455-45C1-A44E-1AED321E6E95}" = NVIDIA 3D Vision Video Player
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATITool" = ATITool Overclocking Utility
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Cavaj Java Decompiler" = Cavaj Java Decompiler
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO GeekBuddy" = COMODO GeekBuddy
"conduitEngine" = Conduit Engine
"Free Window Registry Repair" = Free Window Registry Repair
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Notepad++" = Notepad++
"RealPlayer 12.0" = RealPlayer
"SMPlayer" = SMPlayer 0.6.9
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1344220802-3597430497-1352206752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Power Loader" = Power Challenge Game Plugin
"Substance look and feel demo" = Substance look and feel demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2011 1:06:27 AM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 11:32:14 AM | Computer Name = Nemanja-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/10/2011 11:32:24 AM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 11:32:24 AM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 11:32:24 AM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 11:54:27 AM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 1:29:25 PM | Computer Name = Nemanja-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/10/2011 1:29:40 PM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 1:29:40 PM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/10/2011 1:29:40 PM | Computer Name = Nemanja-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]
Error - 02/10/2010 6:33:09 PM | Computer Name = Nemanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03/04/2011 10:25:17 PM | Computer Name = Nemanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03/04/2011 10:32:10 PM | Computer Name = Nemanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/04/2011 6:13:20 PM | Computer Name = Nemanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/05/2011 11:35:38 PM | Computer Name = Nemanja-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16/10/2011 11:32:20 AM | Computer Name = Nemanja-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16/10/2011 11:36:00 AM | Computer Name = Nemanja-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

Error - 16/10/2011 11:37:57 AM | Computer Name = Nemanja-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 16/10/2011 1:28:22 PM | Computer Name = Nemanja-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 16/10/2011 1:29:15 PM | Computer Name = Nemanja-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:27:36 AM on 16/10/2011 was unexpected.

Error - 16/10/2011 1:29:10 PM | Computer Name = Nemanja-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 16/10/2011 1:29:19 PM | Computer Name = Nemanja-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\AVRec.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 16/10/2011 1:29:25 PM | Computer Name = Nemanja-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/10/2011 1:29:25 PM | Computer Name = Nemanja-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/10/2011 1:29:28 PM | Computer Name = Nemanja-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:10:52 PM

Posted 17 October 2011 - 08:40 AM

Hi,

Step 1: Run the Norton Removal Tool
We are going to remove the left-overs from your Norton installation. The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer. If you plan to continue to use your Norton products again in the future, you should ensure that you have safely stored your product key.

  • Download the Norton Removal tool to your Desktop.
  • Double click the Norton Removal Tool icon.
  • Allow any security warnings and type your administrator password if required.
  • Follow the instructions given.
  • Restart your PC

Step 2: We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1344220802-3597430497-1352206752-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    [2010/10/25 18:03:01 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/08/13 11:54:30 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O32 - AutoRun File - [2011/02/04 18:54:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2007/08/13 18:30:58 | 000,402,696 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2007/09/01 16:48:52 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
    O32 - AutoRun File - [2007/09/01 16:49:28 | 002,285,056 | R--- | M] () - E:\autorun.dat -- [ UDF ]
    O32 - AutoRun File - [2007/09/01 16:43:02 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{1d3c505b-b595-11de-84ee-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1d3c505b-b595-11de-84ee-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/08/13 18:30:58 | 000,402,696 | R--- | M] (Electronic Arts)
    @Alternate Data Stream - 793 bytes -> C:\Users\Nemanja\First Aid Receipts.eml:OECustomProperty
    @Alternate Data Stream - 64 bytes -> C:\Users\Nemanja\Desktop\capture-1.avi:TOC.WMV
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B174FAE
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:07BF512B
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5D7E5A8F
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A42A9F39
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7E95B6FD
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:F3176E45
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:2B11E0DF
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:793F316E
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4D066AD2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4CF61E54
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DAFD38AE
    
    :files
    C:\Program Files (x86)\ConduitEngine
    C:\Program Files (x86)\uTorrentBar\
    
    :commands
    [CREATERESTOREPOINT]
    [PURITY]
    
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#7 nemjeet


Posted 18 October 2011 - 07:49 PM

Sorry for my slow reply, I've been busy with school. Here's the report.


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
File C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-1344220802-3597430497-1352206752-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll not found.
Folder C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Folder C:\Users\Nemanja\AppData\Roaming\Mozilla\Firefox\Profiles\fzd1pi09.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll not found.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File not found.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d3c505b-b595-11de-84ee-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d3c505b-b595-11de-84ee-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d3c505b-b595-11de-84ee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d3c505b-b595-11de-84ee-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
ADS C:\Users\Nemanja\First Aid Receipts.eml:OECustomProperty deleted successfully.
ADS C:\Users\Nemanja\Desktop\capture-1.avi:TOC.WMV deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:0B174FAE deleted successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:A42A9F39 deleted successfully.
ADS C:\ProgramData\Temp:7E95B6FD deleted successfully.
ADS C:\ProgramData\Temp:F3176E45 deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:2B11E0DF deleted successfully.
ADS C:\ProgramData\Temp:793F316E deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS C:\ProgramData\Temp:DAFD38AE deleted successfully.
========== FILES ==========
C:\Program Files (x86)\ConduitEngine folder moved successfully.
C:\Program Files (x86)\uTorrentBar folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 10182011_184323

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 Casey_boy


Posted 19 October 2011 - 06:20 AM

OK, how are things looking at the moment?

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#9 nemjeet


Posted 19 October 2011 - 07:21 PM

My computer froze a few hours later randomly, not really any noticeable changes.

#10 Casey_boy


Posted 20 October 2011 - 05:43 AM

OK, let's try another tool.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey



#11 nemjeet


Posted 22 October 2011 - 08:54 PM

ComboFix 11-10-21.06 - Nemanja 22/10/2011 19:21:50.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8190.6351 [GMT -6:00]
Running from: c:\users\Nemanja\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nemanja\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 01:28 . 2011-10-23 01:30 -------- d-----w- c:\users\Nemanja\AppData\Local\temp
2011-10-23 01:28 . 2011-10-23 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-19 00:34 . 2011-10-19 00:34 -------- d-----w- C:\_OTL
2011-10-14 02:43 . 2011-10-14 02:43 -------- d-----w- c:\program files\iPod
2011-10-14 02:43 . 2011-10-14 02:43 -------- d-----w- c:\program files\iTunes
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-14 01:19 . 2011-10-14 01:19 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-14 01:16 . 2011-09-01 05:24 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-10-13 03:58 . 2011-09-06 13:56 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 03:58 . 2011-08-25 16:20 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 03:58 . 2011-08-25 16:19 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 03:58 . 2011-08-25 16:19 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 03:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-10-13 03:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 03:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 03:58 . 2011-08-25 13:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 03:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
2011-10-13 03:57 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 03:57 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-13 03:57 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 03:57 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 03:57 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 03:57 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 03:57 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 03:57 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 03:57 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-13 03:57 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-10 18:58 . 2011-10-10 18:58 -------- d-----w- c:\programdata\Kaspersky Lab
2011-09-24 20:07 . 2011-09-24 20:07 -------- d-----w- c:\users\Nemanja\AppData\Roaming\SUPERAntiSpyware.com
2011-09-24 20:07 . 2011-10-14 23:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-24 19:46 . 2011-09-24 20:05 -------- d-----w- c:\programdata\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 20:22 . 2009-10-10 12:05 276913 ----a-w- c:\windows\DUMPad1f.tmp
2011-09-16 01:27 . 2011-09-16 01:27 0 ---ha-w- c:\users\Nemanja\AppData\Local\BIT9FDE.tmp
2011-09-11 03:13 . 2011-06-23 15:15 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 23:00 . 2010-06-15 02:02 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 05:05 . 2011-08-31 05:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 05:05 . 2011-08-31 05:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 05:05 . 2011-08-31 05:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 05:05 . 2011-08-31 05:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 05:05 . 2011-08-31 05:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 05:05 . 2011-08-31 05:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-13 17:54 . 2011-08-13 17:54 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-11 20:04 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nemanja\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nemanja\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Nemanja\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-10 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-14 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"Acer Product Registration"="c:\program files (x86)\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-04 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
c:\users\Nemanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nemanja\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""
.
R0 CFRMD;CFRMD; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca68d5ade21109;Google Update Service (gupdate1ca68d5ade21109);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 133104]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-05 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 133104]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CLHNService;CLHNService;c:\program files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
S2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;c:\program files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe [2008-12-24 58664]
S2 CyberLink Media Server Service;CyberLink Media Server Service;c:\program files (x86)\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-12-24 288120]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files (x86)\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 21:41]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 05:03]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 05:03]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1344220802-3597430497-1352206752-1000Core.job
- c:\users\Nemanja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 14:27]
.
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1344220802-3597430497-1352206752-1000UA.job
- c:\users\Nemanja\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 14:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nemanja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nemanja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Nemanja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-10 7212576]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp64&d=1009&m=aspire_m5800
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{351EDCB4-4957-4C6C-8C37-DBF8C82A0B48}: NameServer = 156.154.70.22,156.154.71.22
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files (x86)\DAP\DAPIELoader64.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,8b,40,16,51,e6,48,4e,a8,a3,d9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,8b,40,16,51,e6,48,4e,a8,a3,d9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-10-22 19:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 01:36
.
Pre-Run: 270,427,906,048 bytes free
Post-Run: 270,549,938,176 bytes free
.
- - End Of File - - 60D7BEF25C44ECC9A8AE663821E52BE5

#12 Casey_boy


Posted 23 October 2011 - 10:16 AM

Hi,

That log looks OK.

Step 1: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 2: Update Adobe Reader

Your version of Adobe Reader is out of date. Older versions have vulnerabilities which are fixed in later releases. I strongly recommend that you update your version. The latest version can be downloaded from here: http://get.adobe.com/uk/reader/?promoid=BUIGO

Step 3: Run a scan with MBAM
Please update and run a full scan with Malwarebytes' Anti-Malware. Post me the log.

Step 4: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

Casey



#13 nemjeet


Posted 23 October 2011 - 08:37 PM

I finished all the steps. ESET OnlineScan didn't locate any threats, nor did MBAM. It's surprising seeing as my computer has crashed so frequently and some of my accounts have been hacked within the same time period. I'm sure I haven't released any information.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8006

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23/10/2011 2:14:44 PM
mbam-log-2011-10-23 (14-14-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 474836
Time elapsed: 56 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I didn't get an option for a text file from ESET because my computer was "clean".

Edited by nemjeet, 23 October 2011 - 08:37 PM.


#14 Casey_boy


Posted 24 October 2011 - 05:19 AM

The crashing could be due to a program you've installed malfunctioning. Can you think of when this started and if this is related to installing a program? Also, it may be worth uninstalling/reinstalling your AntiVirus product as these are often the source of computer problems.

In addition, the crashing may be a hardware issue. We should check your hard disk for errors:

Run CheckDisk
  • Double-click My Computer, and then right-click the hard disk that has your Windows installation on it.
  • Click Properties, and then click Tools.
  • Under Error-checking, click Check Now (you may need to enter your administrator password). A dialog box that shows the Check disk options is displayed.
  • Select the Scan for and attempt recovery of bad sectors check box, and then click Start.
  • Click Yes to schedule the disk check.
  • Restart your PC

As for the email hacking, I can't see any evidence of a keylogger on your PC - but that is not to say there hasn't been one. I would change your password and secret answers on the accounts and see how you get on. Remember, the vulnerability could be from any PC you use to access your accounts (or if someone has seen you typing your passwords).

Casey



#15 Casey_boy


Posted 28 October 2011 - 08:17 AM

Hi,

This is a 3 day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey





