BSOD showing often


  • This topic is locked
37 replies to this topic

#1 kinde
  • Members
  • 30 posts

Posted 26 April 2012 - 04:37 PM

I'm getting BSODs in different situations: while CPU usage is high or low, after I turn on the PC, or after a few hours...
Please help, it's killing me :/

I have tried a lot of things and tests, but they didn't help me...
I have cleaned the inside of my CPU, changed the thermal paste and reformatted the system, but it was useless.

To view the list of tests that I have done, click here:

http://www.bleepingcomputer.com/forums/topic451310.html/page__pid__2679600#entry2679600

I have done a test with DDS and here is the log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Kinde at 22:11:39 on 2012-04-26
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2046.1267 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Lachesis] c:\program files\razer\lachesis\razerhid.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
TCP: Interfaces\{6FEAAF2A-CE1D-4E1F-AE1F-E9739BA074E8} : NameServer = 77.77.192.10,77.78.192.10
TCP: Interfaces\{A4A3E006-7DE7-464B-ADE8-367CF6B79DF3} : DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kinde\application data\mozilla\firefox\profiles\9kg0sbhd.default\
FF - prefs.js: browser.startup.homepage - www.google.ba
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\kinde\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kinde\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\kinde\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\verimatrix\viewright web\npViewRight.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-26 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-26 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-26 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-26 44768]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2012-3-23 12032]
S0 nisvwb;nisvwb;c:\windows\system32\drivers\cggvnpng.sys --> c:\windows\system32\drivers\cggvnpng.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-25 22344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-12-19 104752]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-25 654408]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-23 2348352]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-04-26 17:08:55 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-26 17:08:18 41184 ----a-w- c:\windows\avastSS.scr
2012-04-26 17:08:01 -------- d-----w- c:\program files\AVAST Software
2012-04-26 17:08:01 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-04-26 13:41:24 -------- d-----w- C:\gmer
2012-04-25 11:35:56 -------- d-----w- c:\documents and settings\kinde\application data\Malwarebytes
2012-04-25 11:35:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-25 11:35:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-25 11:35:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-24 19:07:57 -------- d-----w- c:\program files\Geeks3D
2012-04-24 19:05:41 -------- d-----w- C:\ldiag
2012-04-24 18:57:35 -------- d-----w- c:\windows\Downloaded Installations
2012-04-24 17:15:06 -------- d-----w- c:\program files\Western Digital Corporation
2012-04-24 17:01:52 -------- d-----w- c:\documents and settings\kinde\application data\FreeStone Group
2012-04-24 17:01:46 -------- d-----w- c:\program files\Video Card Stability Test
2012-04-24 15:13:10 53693 ----a-w- c:\windows\UNDPX2A.sys
2012-04-24 15:13:10 15429 ----a-w- c:\windows\system32\drivers\Sacm2A.sys
2012-04-24 15:13:10 135168 ----a-w- c:\windows\UNDPX2A.exe
2012-04-24 15:08:02 20240 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2012-04-24 15:06:30 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-04-24 15:06:30 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-04-23 14:01:57 -------- d-----w- c:\documents and settings\kinde\application data\ts3overlay
2012-04-23 13:54:05 -------- d-----w- c:\documents and settings\kinde\local settings\application data\PokItUploadHistory
2012-04-22 21:05:46 -------- d-----w- c:\program files\root Application
2012-04-22 21:05:12 -------- d-----w- C:\dezender
2012-04-21 12:58:30 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-04-21 12:58:02 -------- d-----w- c:\windows\Performance
2012-04-21 12:57:56 -------- d-----w- c:\documents and settings\kinde\local settings\application data\Microsoft Corporation
2012-04-21 12:57:41 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-21 12:53:40 -------- d-sh--w- c:\documents and settings\kinde\PrivacIE
2012-04-21 12:36:13 -------- d-----w- c:\program files\SpeedFan
2012-04-17 17:00:49 -------- d-----w- C:\games
2012-04-17 13:58:01 -------- d-----w- c:\program files\TNod User & Password Finder
2012-04-16 16:03:52 -------- d-----w- c:\program files\coolpro2
2012-04-14 23:50:06 -------- d-----w- c:\documents and settings\kinde\application data\Verimatrix
2012-04-14 23:50:03 -------- d-----w- c:\program files\Verimatrix
2012-04-14 23:49:59 -------- d-----w- c:\documents and settings\all users\application data\Verimatrix
2012-04-14 14:25:08 90112 ----a-w- c:\windows\unvise32.exe
2012-04-14 14:25:02 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-04-14 14:25:02 -------- d-----w- c:\program files\LooksBuilder
2012-04-14 14:13:34 -------- d-----w- c:\documents and settings\kinde\local settings\application data\Sony
2012-04-14 14:12:57 -------- d-----w- c:\program files\Sony
2012-04-14 13:41:03 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2012-04-14 13:39:50 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-04-14 00:05:37 -------- d-----w- c:\documents and settings\kinde\application data\TightVNC
2012-04-14 00:05:24 -------- d-----w- c:\program files\TightVNC
2012-04-13 23:16:22 -------- d-----w- c:\program files\common files\esellerate
2012-04-13 23:16:22 -------- d-----w- c:\documents and settings\all users\application data\Xycod
2012-04-13 23:15:45 -------- d-----w- c:\windows\XSxS
2012-04-13 16:37:30 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2012-04-11 17:07:58 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-04-11 17:07:58 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-04-10 21:09:14 -------- d-----w- c:\program files\SHOUTcast
2012-04-08 16:07:41 -------- d-s---w- c:\program files\HLSW
2012-04-08 16:07:41 -------- d-----w- c:\documents and settings\kinde\application data\HLSW
2012-04-05 16:41:53 -------- d-----w- c:\documents and settings\kinde\AlwaysOnPC
2012-04-02 17:37:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 13:57:14 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-04-02 13:49:49 -------- d-----w- c:\windows\SHELLNEW
2012-04-02 13:49:35 -------- d-----w- c:\documents and settings\kinde\local settings\application data\Microsoft Help
2012-04-02 13:04:06 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-04-02 13:04:06 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-04-02 13:03:56 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-04-02 13:03:56 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-03-30 17:56:55 -------- d-----w- c:\documents and settings\kinde\application data\PhotoScape
2012-03-30 17:56:42 -------- d-----w- c:\program files\PhotoScape
2012-03-28 20:46:11 -------- d-----w- c:\program files\nLite
2012-03-28 20:27:18 -------- d-----w- c:\program files\CScreenie
2012-03-28 18:36:32 -------- d-----w- c:\documents and settings\kinde\application data\FreeHideIP
2012-03-28 18:36:32 -------- d-----w- c:\documents and settings\all users\application data\FreeHideIP
2012-03-28 17:50:31 330600 ----a-w- c:\windows\system32\HMIPCore.dll
2012-03-28 17:50:26 -------- d-----w- c:\program files\Hide My IP
2012-03-28 13:15:25 -------- d-----w- c:\documents and settings\kinde\application data\TeamViewer
2012-03-28 13:15:21 -------- d-----w- c:\program files\TeamViewer
2012-03-28 11:44:42 -------- d-----w- c:\program files\Photodex Presenter
2012-03-28 11:43:55 -------- d-----w- c:\program files\Photodex
2012-03-28 11:43:27 -------- d-----w- c:\documents and settings\kinde\application data\Photodex
2012-03-28 11:43:26 -------- d-----w- c:\documents and settings\all users\application data\Photodex
2012-03-27 21:10:49 -------- d-----w- c:\documents and settings\kinde\local settings\application data\PokIt
2012-03-27 21:10:42 -------- d-----w- c:\program files\PokIt
.
==================== Find3M ====================
.
2012-04-25 12:09:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-10 07:37:58 294404 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-04-10 07:37:58 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-04-10 07:32:53 294404 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-04-08 22:40:36 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-25 18:10:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-25 18:10:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30:24 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
.
============= FINISH: 22:13:56,65 ===============


Here is the log from Defogger:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:05 on 26/04/2012 (Kinde)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

What else should I do?
Thanks all for the help, it's urgent...
Attached File: attach.zip (2.6KB)
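The SERVICES / DRIVERS section of the DDS log above has one entry worth a closer look: `S0 nisvwb` is a boot-start driver whose file DDS could not find on disk (the `[?]` marker), whose display name is just the service name, and whose binary name (`cggvnpng.sys`) has nothing to do with the service name. The `VBoxNetFlt` entry is also marked `[?]`, but it is demand-start with a descriptive display name and a matching file name, which is what an ordinary leftover from an uninstall looks like. The script below is an added example, not part of the original post and not DDS code: it parses lines in the DDS format (the line shape is inferred from this log; DDS has no documented machine-readable format) and ranks entries whose binary is missing. The severity rules are a hand-written heuristic. The constructed sample input copies five entries from the posted log. For a high-severity hit, the next step on the machine is to export `HKLM\SYSTEM\CurrentControlSet\Services\<name>` and look at when the key was created, since a driver that a scanner already deleted and an uninstaller that left its key behind look identical on disk.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example. DDS has no documented machine-readable format; the line shape below
("<R|S><start> <name>;<display>;<path> [<date> <size>]", or "<path> --> <path> [?]"
when the binary was not found) is inferred from the log in this thread. The severity
rules are a hand-written heuristic, not DDS output.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed input: the five lines below copy the shape of entries in the posted log.
SAMPLE_LOG = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-26 612184]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2012-3-23 12032]
S0 nisvwb;nisvwb;c:\windows\system32\drivers\cggvnpng.sys --> c:\windows\system32\drivers\cggvnpng.sys [?]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-25 654408]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"     # R = running, S = stopped; digit = SCM start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class Finding:
    name: str
    path: str
    start: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Dict]:
    """Split one DDS service/driver line into its fields; None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")
    # When the file is missing DDS prints "ImagePath --> resolved path [?]"; keep the resolved one.
    path = rest.split("-->")[-1] if "-->" in rest else rest
    path = path.rsplit(" [", 1)[0].strip()
    return {
        "running": m.group("state") == "R",
        "start": START_TYPES[int(m.group("start"))],
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "missing": missing,
    }


def triage(log_text: str) -> List[Finding]:
    """Return findings for entries whose binary is absent, ordered worst first."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or not e["missing"]:
            continue   # present files are verified by hash/signature, not by this script
        reasons = ["ImagePath file not found on disk"]
        stem = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if e["start"] in ("boot", "system"):
            reasons.append(f"{e['start']}-start kernel driver (loads before most defences)")
        if e["display"] == e["name"]:
            reasons.append("display name is just the service name")
        if stem != e["name"].lower():
            reasons.append(f"binary '{stem}' does not match service name")
        if e["start"] in ("boot", "system"):
            severity = "high"
        elif len(reasons) > 1:
            severity = "medium"
        else:
            severity = "low"
        findings.append(Finding(e["name"], e["path"], e["start"], severity, reasons))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.name} ({f.start}-start) {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, `nisvwb` comes out high (boot-start, file missing, display name and binary name both uninformative) and `VBoxNetFlt` low; entries whose file is present are deliberately not scored, because a present file is judged by its hash or signature, not by its registry entry.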


#2 HelpBot (Bleepin' Binary Bot)
  • Bots
  • 12,769 posts

Posted 02 May 2012 - 04:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/451558 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kinde (Topic Starter)
  • Members
  • 30 posts

Posted 07 May 2012 - 03:08 PM

Here are the logs from the tests (in attachments),

and a screenshot of the temperatures of my machine:

http://pokit.org/get/img/bd5e38b5f058efd5b701266de0ad98d7.png

Attached File: dds.scrLOG.txt (37.99KB)

Attached File: gmer.txt (221.51KB)

#4 m0le (Can U Dig It?)
  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 07 May 2012 - 06:57 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

----------------------------------------------

Please run aswMBR

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 kinde (Topic Starter)
  • Members
  • 30 posts

Posted 08 May 2012 - 08:17 AM

Here I am.

Here is the log from aswMBR:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 15:01:12
-----------------------------
15:01:12.437 OS Version: Windows 5.1.2600 Service Pack 3
15:01:12.437 Number of processors: 2 586 0xF0D
15:01:12.437 ComputerName: KINDE-EDEDBB325 UserName: Kinde
15:01:13.500 Initialize success
15:01:13.593 AVAST engine defs: 12050800
15:01:16.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:01:17.000 Disk 0 Vendor: WDC_WD2500AAKS-00VSA0 01.01B01 Size: 238475MB BusType: 3
15:01:17.015 Disk 0 MBR read successfully
15:01:17.015 Disk 0 MBR scan
15:01:17.015 Disk 0 Windows XP default MBR code
15:01:17.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200004 MB offset 63
15:01:17.015 Disk 0 Partition - 00 0F Extended LBA 38460 MB offset 409609305
15:01:17.046 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38460 MB offset 409609368
15:01:17.046 Disk 0 scanning sectors +488376000
15:01:17.125 Disk 0 scanning C:\WINDOWS\system32\drivers
15:01:21.796 Service scanning
15:01:31.500 Modules scanning
15:01:36.609 Disk 0 trace - called modules:
15:01:36.609
15:01:37.093 AVAST engine scan C:\WINDOWS
15:01:41.109 AVAST engine scan C:\WINDOWS\system32
15:01:56.359 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Malware-gen
15:03:17.093 AVAST engine scan C:\WINDOWS\system32\drivers
15:03:29.890 AVAST engine scan C:\Documents and Settings\Kinde
15:14:45.093 AVAST engine scan C:\Documents and Settings\All Users
15:15:30.078 Scan finished successfully
15:16:06.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kinde\Desktop\MBR.dat"
15:16:06.203 The log file has been saved successfully to "C:\Documents and Settings\Kinde\Desktop\aswMBR.txt"
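The first lines of the aswMBR log above show what the tool does before it scans files: it reads sector 0 of the boot disk, judges the bootstrap code ("Windows XP default MBR code"), and lists the partition entries with their type, size and LBA offset. It also saved that sector to MBR.dat on the desktop. The script below is an added example, not aswMBR code and not part of the thread: it decodes a 512-byte MBR, runs the structural checks a hidden or tampered entry tends to violate, and compares the 440-byte bootstrap area with a reference copy. It carries no copy of the stock XP boot code, so the reference has to be supplied by the caller (for example an MBR.dat saved from a known-clean machine of the same Windows version). The sample sector is constructed: its boot code is filler bytes, and only its partition table mirrors the layout the log reports (bootable NTFS at offset 63, 200004 MB; extended LBA at offset 409609305, 38460 MB; 238475 MB disk).

```python
"""Parse and sanity-check a 512-byte MBR such as the MBR.dat that aswMBR saves.

Added example, written for this thread; it is not aswMBR code. The sample sector is
constructed: the bootstrap area is filler bytes, and only the partition table mirrors
the layout the log reports (bootable NTFS at LBA 63, 200004 MB; extended LBA at
409609305, 38460 MB; disk size 238475 MB).
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0..439: bootstrap code (what a bootkit overwrites)
PTABLE_OFF = 446        # four 16-byte partition entries
ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"  # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)


def parse_partition_table(sector: bytes) -> List[Partition]:
    """Decode the four classic MBR entries; empty slots (type 0) are skipped."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PTABLE_OFF + i * ENTRY_LEN)
        if ptype != 0:
            parts.append(Partition(i + 1, flag == 0x80, ptype, lba, count))
    return parts


def check_layout(parts: List[Partition], disk_sectors: Optional[int] = None) -> List[str]:
    """Structural checks a hidden or tampered entry tends to violate."""
    issues = []
    if sum(p.bootable for p in parts) != 1:
        issues.append("expected exactly one bootable partition")
    for a in parts:
        for b in parts:
            if a.index < b.index and a.lba_start < b.lba_start + b.sectors \
                    and b.lba_start < a.lba_start + a.sectors:
                issues.append(f"partitions {a.index} and {b.index} overlap")
    if disk_sectors is not None:
        for p in parts:
            if p.lba_start + p.sectors > disk_sectors:
                issues.append(f"partition {p.index} extends past end of disk")
    return issues


def bootcode_matches(sector: bytes, reference: bytes) -> bool:
    """Compare the bootstrap area with a known-good copy (e.g. MBR.dat from a clean install
    of the same Windows version). Bootkits replace this region and leave the table intact,
    so an intact partition table alone proves nothing about the MBR code."""
    return sector[:BOOTCODE_LEN] == reference[:BOOTCODE_LEN]


# ---- constructed sample data ----
def _entry(bootable: bool, ptype: int, lba: int, count: int) -> bytes:
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba, count)


def build_sample_mbr(bootcode: bytes) -> bytes:
    table = (_entry(True, 0x07, 63, 200004 * 2048)          # NTFS, 200004 MB
             + _entry(False, 0x0F, 409609305, 38460 * 2048)  # extended (LBA), 38460 MB
             + bytes(ENTRY_LEN) * 2)                          # two empty slots
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"             # constructed disk signature + reserved
    return bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00") + disk_sig + table + BOOT_SIG


CLEAN_BOOTCODE = b"\x90" * BOOTCODE_LEN                      # filler, NOT real XP boot code
TAMPERED_BOOTCODE = CLEAN_BOOTCODE[:64] + b"\xeb\xfe" + CLEAN_BOOTCODE[66:]
DISK_SECTORS = 238475 * 2048                                 # 238475 MB as 512-byte sectors

if __name__ == "__main__":
    mbr = build_sample_mbr(CLEAN_BOOTCODE)
    for p in parse_partition_table(mbr):
        print(f"Partition {p.index} {'80' if p.bootable else '00'} {p.type_id:02X} "
              f"{p.size_mb} MB offset {p.lba_start}")
    print("layout issues:", check_layout(parse_partition_table(mbr), DISK_SECTORS) or "none")
    print("bootcode matches reference:", bootcode_matches(mbr, CLEAN_BOOTCODE))
```

On the sample the printed table reproduces the two lines aswMBR logged (type 07 bootable at offset 63, type 0F at offset 409609305), the layout checks pass, and the comparison fails only for the copy whose boot code was altered. To use it on the real file, read the 512 bytes of MBR.dat and pass them to `parse_partition_table` and `bootcode_matches` with your own reference sector.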

#6 m0le (Can U Dig It?)
  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 08 May 2012 - 04:57 PM

Please run Combofix next

Please download ComboFix from one of these locations.
* IMPORTANT!!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 kinde (Topic Starter)
  • Members
  • 30 posts

Posted 09 May 2012 - 10:21 AM

Here is the log...

ComboFix 12-05-09.01 - Kinde 09.05.2012 17:15:40.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2046.1376 [GMT 2:00]
Running from: c:\documents and settings\Kinde\Desktop\comfix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kinde\Application Data\chrtmp
c:\documents and settings\Kinde\Application Data\mIRC\logs\status.log
C:\Documents
c:\program files\TNod User & Password Finder\TNODUP.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 11:19 . 2012-05-09 11:19 -------- d-----w- c:\program files\KONAMI
2012-05-09 11:19 . 2012-05-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2012-05-09 10:44 . 2012-05-09 10:44 -------- d--h--r- c:\documents and settings\Kinde\Application Data\SecuROM
2012-05-08 15:10 . 2012-05-08 15:10 -------- d-----w- c:\program files\BitTorrent
2012-05-08 15:08 . 2012-05-08 15:38 -------- d-----w- c:\documents and settings\Kinde\Application Data\BitTorrent
2012-05-07 19:46 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-05-07 19:46 . 2012-05-07 19:46 -------- d-----w- c:\program files\CPUID
2012-05-07 13:35 . 2012-05-07 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer
2012-05-07 13:35 . 2007-08-08 07:51 249856 ----a-w- c:\windows\system32\Lachesis.cpl
2012-05-07 13:34 . 2012-05-07 13:34 -------- d-----w- c:\documents and settings\Kinde\Application Data\InstallShield
2012-05-06 19:48 . 2012-05-06 19:48 -------- d-----w- c:\documents and settings\Kinde\Application Data\FileZilla
2012-05-06 19:48 . 2012-05-06 19:48 -------- d-----w- c:\program files\FileZilla FTP Client
2012-05-06 13:40 . 2012-05-06 13:40 -------- d-----w- c:\program files\1ClickDownload
2012-05-03 16:27 . 2012-05-03 16:28 -------- d-----w- c:\program files\PhotoZoomPro
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\program files\Oracle
2012-04-26 17:08 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-26 17:08 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-26 17:08 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-26 17:08 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-26 17:08 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-26 17:08 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-26 17:08 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-26 17:08 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-26 17:08 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-26 17:08 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-26 17:08 . 2012-04-26 17:08 -------- d-----w- c:\program files\AVAST Software
2012-04-26 17:08 . 2012-04-26 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-26 13:41 . 2012-04-26 13:41 -------- d-----w- C:\gmer
2012-04-25 11:35 . 2012-04-25 11:35 -------- d-----w- c:\documents and settings\Kinde\Application Data\Malwarebytes
2012-04-25 11:35 . 2012-04-25 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-25 11:35 . 2012-04-25 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-25 11:35 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 19:07 . 2012-04-24 19:07 -------- d-----w- c:\program files\Geeks3D
2012-04-24 19:05 . 2012-04-24 19:05 -------- d-----w- C:\ldiag
2012-04-24 18:57 . 2012-04-24 18:57 -------- d-----w- c:\windows\Downloaded Installations
2012-04-24 18:57 . 2012-04-24 18:57 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-04-24 17:15 . 2012-04-24 17:15 -------- d-----w- c:\program files\Western Digital Corporation
2012-04-24 17:01 . 2012-04-24 17:01 -------- d-----w- c:\documents and settings\Kinde\Application Data\FreeStone Group
2012-04-24 17:01 . 2012-04-24 17:01 -------- d-----w- c:\program files\Video Card Stability Test
2012-04-24 15:13 . 2004-06-11 09:34 53693 ----a-w- c:\windows\UNDPX2A.sys
2012-04-24 15:13 . 2004-06-11 09:31 135168 ----a-w- c:\windows\UNDPX2A.exe
2012-04-24 15:13 . 2004-06-10 18:42 15429 ----a-w- c:\windows\system32\drivers\Sacm2A.sys
2012-04-24 15:08 . 2009-06-17 16:55 20240 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2012-04-24 15:06 . 2008-04-13 20:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-04-24 15:06 . 2008-04-13 20:10 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2012-04-23 14:01 . 2012-04-23 14:02 -------- d-----w- c:\documents and settings\Kinde\Application Data\ts3overlay
2012-04-23 13:54 . 2012-04-23 13:54 -------- d-----w- c:\documents and settings\Kinde\Local Settings\Application Data\PokItUploadHistory
2012-04-22 21:05 . 2012-04-22 21:26 -------- d-----w- C:\dezender
2012-04-21 12:58 . 2007-01-13 07:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-04-21 12:58 . 2012-04-21 12:58 -------- d-----w- c:\windows\Performance
2012-04-21 12:57 . 2012-04-21 12:57 -------- d-----w- c:\documents and settings\Kinde\Local Settings\Application Data\Microsoft Corporation
2012-04-21 12:57 . 2012-04-21 12:57 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-21 12:53 . 2012-04-21 12:53 -------- d-sh--w- c:\documents and settings\Kinde\PrivacIE
2012-04-21 12:36 . 2012-05-09 10:36 -------- d-----w- c:\program files\SpeedFan
2012-04-17 17:00 . 2012-04-17 17:00 -------- d-----w- C:\games
2012-04-17 13:58 . 2012-05-09 15:18 -------- d-----w- c:\program files\TNod User & Password Finder
2012-04-16 16:05 . 2012-04-16 16:05 -------- d-----w- c:\documents and settings\Kinde\Application Data\Syntrillium
2012-04-16 16:03 . 2012-04-16 16:06 -------- d-----w- c:\program files\coolpro2
2012-04-14 23:50 . 2012-04-14 23:50 -------- d-----w- c:\documents and settings\Kinde\Application Data\Verimatrix
2012-04-14 23:50 . 2012-04-14 23:50 -------- d-----w- c:\program files\Verimatrix
2012-04-14 23:49 . 2012-04-14 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Verimatrix
2012-04-14 14:25 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2012-04-14 14:25 . 2012-04-14 16:05 -------- d-----w- c:\program files\LooksBuilder
2012-04-14 14:25 . 2012-04-14 14:25 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2012-04-14 14:15 . 2012-04-14 14:15 -------- d-----w- c:\documents and settings\Kinde\Application Data\Publish Providers
2012-04-14 14:13 . 2012-04-14 14:13 -------- d-----w- c:\documents and settings\Kinde\Local Settings\Application Data\Sony
2012-04-14 14:12 . 2012-04-14 14:12 -------- d-----w- c:\program files\Sony
2012-04-14 14:12 . 2012-04-14 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2012-04-14 14:11 . 2012-04-14 14:11 -------- d-----w- c:\documents and settings\Kinde\Application Data\Sony
2012-04-14 13:41 . 2012-04-14 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2012-04-14 13:41 . 2012-04-14 13:41 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-04-14 13:39 . 2012-04-14 13:39 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-04-14 00:05 . 2012-04-14 00:05 -------- d-----w- c:\documents and settings\Kinde\Application Data\TightVNC
2012-04-14 00:05 . 2012-04-14 00:05 -------- d-----w- c:\program files\TightVNC
2012-04-13 23:16 . 2012-04-13 23:16 -------- d-----w- c:\program files\Common Files\esellerate
2012-04-13 23:16 . 2012-04-13 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Xycod
2012-04-13 16:37 . 2012-04-13 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2012-04-11 17:07 . 2012-04-11 17:25 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-04-11 17:07 . 2012-04-11 17:07 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-04-10 18:41 . 2012-04-10 18:41 -------- d-----w- c:\program files\Putty
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 12:09 . 2012-04-02 17:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-25 12:09 . 2012-03-23 12:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 22:40 . 2012-03-22 23:14 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-03-25 18:10 . 2012-03-25 18:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-25 18:10 . 2012-03-25 18:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-29 23:58 . 2012-03-23 12:09 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2012-03-23 12:09 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2012-03-23 12:09 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2012-03-23 12:09 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2012-03-23 12:09 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2012-03-23 12:09 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2012-03-23 12:01 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2012-03-23 12:01 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2012-03-23 12:01 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2012-03-23 12:01 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 23:58 . 2012-03-23 12:01 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 21:15 . 2012-03-23 12:10 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-02-29 21:15 . 2012-03-23 12:10 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-02-29 21:15 . 2012-03-23 12:10 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-02-29 21:15 . 2012-03-23 12:10 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-02-29 21:15 . 2012-03-23 12:10 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-02-29 21:15 . 2012-03-23 12:10 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-02-29 21:15 . 2012-03-23 12:10 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-02-29 21:15 . 2012-03-23 12:10 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-02-29 21:15 . 2012-03-23 12:10 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-02-29 21:15 . 2012-03-23 12:10 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-02-29 21:15 . 2012-03-23 12:10 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-02-29 21:15 . 2012-03-23 12:10 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-02-29 21:15 . 2012-03-23 12:10 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-02-29 21:15 . 2012-03-23 12:10 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-02-29 21:15 . 2012-03-23 12:10 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-02-29 21:15 . 2012-03-23 12:10 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-02-29 21:15 . 2012-03-23 12:10 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-02-29 21:15 . 2012-03-23 12:10 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-02-29 21:15 . 2012-03-23 12:10 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-02-29 21:15 . 2012-03-23 12:10 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-02-29 21:15 . 2012-03-23 12:10 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-02-29 21:15 . 2012-03-23 12:10 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-02-29 21:15 . 2012-03-23 12:10 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-02-29 21:15 . 2012-03-23 12:10 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-02-29 21:15 . 2012-03-23 12:10 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-02-29 21:15 . 2012-03-23 12:10 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-02-29 21:15 . 2012-03-23 12:10 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-02-29 21:15 . 2012-03-23 12:10 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-02-29 20:30 . 2012-03-23 12:01 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2012-03-23 12:10 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2012-03-23 12:01 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2012-03-23 12:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2012-03-23 12:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-13 04:39 . 2012-03-28 12:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-03-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25626408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-03-23 12:24 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"wuauserv"=2 (0x2)
"HideMyIpSRV"=3 (0x3)
"nvUpdatusService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"SCardSvr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"RSVP"=3 (0x3)
"Spooler"=2 (0x2)
"Nla"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Netlogon"=3 (0x3)
"odserv"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"WPFFontCache_v0400"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"ScsiAccess"=2 (0x2)
"Alerter"=2 (0x2)
"MBAMService"=2 (0x2)
"Steam Client Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\kinnde\\counter-strike\\hl.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/26/2012 7:08 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2012 7:08 PM 337880]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [3/25/2012 6:33 PM 158512]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [3/25/2012 6:32 PM 91440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2012 7:08 PM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/7/2012 9:46 PM 21992]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [3/23/2012 2:27 PM 12032]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [12/19/2011 2:11 PM 116016]
S0 nisvwb;nisvwb;c:\windows\system32\drivers\cggvnpng.sys --> c:\windows\system32\drivers\cggvnpng.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2012 1:35 PM 22344]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/19/2011 2:12 PM 104752]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 7:37 PM 253088]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2012 1:35 PM 654408]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3/23/2012 2:11 PM 2348352]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:09]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2139871995-1801674531-1003Core.job
- c:\documents and settings\Kinde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-23 12:20]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2139871995-1801674531-1003UA.job
- c:\documents and settings\Kinde\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-23 12:20]
.
2012-05-09 c:\windows\Tasks\User_Feed_Synchronization-{5BCFD273-95D9-413F-84D8-3AC98EFD3F69}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
FF - ProfilePath - c:\documents and settings\Kinde\Application Data\Mozilla\Firefox\Profiles\9kg0sbhd.default\
FF - prefs.js: browser.startup.homepage - www.google.ba
FF - prefs.js: network.proxy.http - 77.77.193.1
FF - prefs.js: network.proxy.type - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 17:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-09 17:20:31
ComboFix-quarantined-files.txt 2012-05-09 15:20
.
Pre-Run: 124.946.993.152 bytes free
Post-Run: 124.928.606.208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 33735EF03F29344C7A85AC3205FF2237

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:33 AM

Posted 09 May 2012 - 05:37 PM

Please run SystemLook; we need to find a replacement for the infected file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    hkcmd.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE

#9 kinde

kinde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 10 May 2012 - 11:55 AM

Hello my dear friend, and thanks for helping me.

Here is the log:


SystemLook 30.07.11 by jpshortstuff
Log created at 18:53 on 10/05/2012 by Kinde
Administrator - Elevation successful

========== filefind ==========

Searching for "hkcmd.exe"
C:\SWTOOLS\DRIVERS\Video\q2vdo25us13\Graphics\hkcmd.exe --a---- 163840 bytes [07:47 13/01/2007] [07:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\hkcmd.exe --a---- 163840 bytes [12:52 21/04/2012] [07:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe --a--c- 163840 bytes [12:52 21/04/2012] [07:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA

-= EOF =-

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:33 AM

Posted 10 May 2012 - 06:11 PM

You're welcome for the help :)

We're still feeling around in the dark at this point and the file we're targeting may not be all the problems we have. However, we need to replace the file and check our progress and to do that without problems we have to do a slightly tricky move.

We need to replace the infected file in the Recovery Environment


First we need to copy a clean file to replace the infected one.

Please do this:
  • Click on the Start button, then click on Run...

  • In the empty "Open:" box provided, type cmd and press Enter This will launch a Command Prompt window (looks like DOS).

  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\SWTOOLS\DRIVERS\Video\q2vdo25us13\Graphics\hkcmd.exe C:\ /y

  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.

  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
  • Exit the Command Prompt window.
Now we need to boot into the Recovery Environment:

Reboot your computer. Combofix should have installed the recovery console so this should already be available.

Follow the instructions here to start it

Next

Type cd system32 and press Enter.
Type ren hkcmd.exe hkcmd.vir and press Enter.
Then type copy C:\hkcmd.exe hkcmd.exe and press Enter.
Now type exit and press Enter to reboot your computer into normal mode.


Please run aswMBR again and post the log.

Thanks :thumbup2:
m0le is a proud member of UNITE

#11 kinde

kinde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 11 May 2012 - 07:49 AM

I have just followed the steps that you instructed me to...

Here is the log from aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 14:37:25
-----------------------------
14:37:25.937 OS Version: Windows 5.1.2600 Service Pack 3
14:37:25.937 Number of processors: 2 586 0xF0D
14:37:25.937 ComputerName: KINDE-EDEDBB325 UserName: Kinde
14:37:28.515 Initialize success
14:37:28.656 AVAST engine defs: 12051100
14:37:29.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:37:29.906 Disk 0 Vendor: WDC_WD2500AAKS-00VSA0 01.01B01 Size: 238475MB BusType: 3
14:37:29.921 Disk 0 MBR read successfully
14:37:29.921 Disk 0 MBR scan
14:37:30.031 Disk 0 Windows XP default MBR code
14:37:30.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200004 MB offset 63
14:37:30.046 Disk 0 Partition - 00 0F Extended LBA 38460 MB offset 409609305
14:37:30.078 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38460 MB offset 409609368
14:37:30.109 Disk 0 scanning sectors +488376000
14:37:30.218 Disk 0 scanning C:\WINDOWS\system32\drivers
14:37:49.234 Service scanning
14:38:09.734 Modules scanning
14:38:16.890 Disk 0 trace - called modules:
14:38:16.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:38:16.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d93ab8]
14:38:16.906 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000065[0x89e08f18]
14:38:16.906 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89df5d98]
14:38:17.515 AVAST engine scan C:\WINDOWS
14:38:21.750 AVAST engine scan C:\WINDOWS\system32
14:38:44.859 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Malware-gen
14:38:44.906 File: C:\WINDOWS\system32\hkcmd.vir **INFECTED** Win32:Malware-gen
14:40:10.156 AVAST engine scan C:\WINDOWS\system32\drivers
14:40:19.687 AVAST engine scan C:\Documents and Settings\Kinde
14:48:22.296 AVAST engine scan C:\Documents and Settings\All Users
14:48:58.703 Scan finished successfully
14:49:28.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kinde\Desktop\MBR.dat"
14:49:28.406 The log file has been saved successfully to "C:\Documents and Settings\Kinde\Desktop\aswMBR.txt"


Thanks 4 helping :)

Edited by kinde, 11 May 2012 - 07:50 AM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:33 AM

Posted 11 May 2012 - 05:24 PM

You're welcome for the help, kinde :thumbup2:

Now this I just don't believe. According to the aswMBR log both the file and the replacement file are infected.

Please scan the file with Jotti, as shown.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\hkcmd.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal
m0le is a proud member of UNITE

#13 kinde

kinde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 13 May 2012 - 07:28 AM

Here are the results from Jotti:

http://virusscan.jotti.org/en/scanresult/19ecf191ff10b90a8403bfb9bf62de812c591db1/5750cdec357f431e40c1d5e0826b3f4fa2699f1a

And here is log from VirusTotal:

https://www.virustotal.com/file/f7a54b2a69b57a4e674678e74dca36d345c45560d3ca948eadd95f65f38033a4/analysis/

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:33 AM

Posted 13 May 2012 - 03:47 PM

Okay, so that's a false positive.

Let's try a different scanner and look for something else. Though, I'll be honest, this looks more hardware now.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Please copy the following into the Custom Scans box at the bottom

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    
  • Now click the Run Scan button on the toolbar.
  • Let it run until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, then click on it to uncheck it.

Post the log in the next reply.

Edited by m0le, 13 May 2012 - 03:48 PM.

m0le is a proud member of UNITE
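The SystemLook search in posts #8 and #9, the file swap in post #10 and the /md5start list in this post all rest on the same check: comparing file hashes to tell identical copies apart from different ones. The script below is an added example; it is not part of this thread and is not SystemLook's or OTL's own code. It parses the three hkcmd.exe lines quoted from the SystemLook log, plus one constructed line (the D:\backup path and its MD5 are made up) that shows a copy which does not match, groups the copies by MD5, and reports whether a candidate replacement is byte-identical to the file it would replace. It also hashes a list of file names inside a directory, which is the kind of check the /md5start list asks OTL to do. In the thread all three hkcmd.exe copies carry the same MD5, so the replacement made in post #10 was the same bytes as the original; that is why aswMBR then flagged both hkcmd.exe and hkcmd.vir, and it fits the false-positive verdict in post #14.

```python
r"""Hash-based check for the kind of file swap discussed in this thread.

Added example; not from the thread, SystemLook or OTL. The three hkcmd.exe lines
are quoted from the SystemLook log in post #9; the D:\backup line and its MD5 are
constructed to show a copy that does NOT match."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# One result line of a SystemLook ":filefind" section:
#   <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]+)\]\s+\[(?P<created>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# First three result lines quoted from the thread; the D:\backup line is constructed.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "hkcmd.exe"
C:\SWTOOLS\DRIVERS\Video\q2vdo25us13\Graphics\hkcmd.exe --a---- 163840 bytes [07:47 13/01/2007] [07:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\hkcmd.exe --a---- 163840 bytes [12:52 21/04/2012] [07:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe --a--c- 163840 bytes [12:52 21/04/2012] [07:47 13/01/2007] DDE4A991F26179573D2CFA7A093F56FA
D:\backup\hkcmd.exe --a---- 163840 bytes [01:00 01/01/2012] [01:00 01/01/2012] 0123456789ABCDEF0123456789ABCDEF

-= EOF =-
"""


def parse_filefind(log_text):
    """Return one dict per result line; headers, blank lines and the EOF marker are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def group_by_hash(entries):
    """Map each MD5 to the paths carrying it, so identical copies stand out at a glance."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)


def replacement_is_identical(entries, target, candidate):
    """True when both paths appear in the log with the same size and MD5.

    A candidate with the same hash is byte-for-byte the same file, so swapping it in
    cannot change what a scanner says about it: a detection that survives the swap
    is about the signature, not about that particular copy."""
    by_path = {entry["path"].lower(): entry for entry in entries}  # Windows paths are case-insensitive
    t, c = by_path.get(target.lower()), by_path.get(candidate.lower())
    if t is None or c is None:
        return False
    return t["md5"] == c["md5"] and t["size"] == c["size"]


def md5_of_file(path, chunk_size=65536):
    """Stream a file through MD5 and return the uppercase hex digest."""
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def md5_file_list(directory, names):
    """Hash every name found under directory; names that are absent map to None
    instead of raising, so one missing file does not abort the whole list."""
    result = {}
    for name in names:
        path = os.path.join(directory, name)
        result[name] = md5_of_file(path) if os.path.isfile(path) else None
    return result


def demo_tempdir_hashes():
    """Write one constructed file into a fresh temp directory and hash a two-name
    list against it, so the missing-file case is exercised as well."""
    directory = tempfile.mkdtemp(prefix="md5demo-")
    with open(os.path.join(directory, "present.sys"), "wb") as f:
        f.write(b"hello")  # constructed content
    return md5_file_list(directory, ["present.sys", "missing.sys"])


if __name__ == "__main__":
    entries = parse_filefind(SAMPLE_LOG)
    for md5, paths in group_by_hash(entries).items():
        print(md5, "->", len(paths), "copies")
    system32 = r"C:\WINDOWS\system32\hkcmd.exe"
    drvstore = r"C:\WINDOWS\system32\DRVSTORE\igxp32_757949EFDD70357EE37252D828ACA09CDF5C75B7\hkcmd.exe"
    print("DRVSTORE copy identical to system32:", replacement_is_identical(entries, system32, drvstore))
    print("constructed D:\\backup copy identical:", replacement_is_identical(entries, system32, r"D:\backup\hkcmd.exe"))
    print(demo_tempdir_hashes())
```

Run it as-is to see the grouping for the quoted lines; to use it on a real SystemLook log, pass the file's text to parse_filefind. The size is compared alongside the MD5 because the log gives both, and agreement on both is the cheapest confirmation that two copies are the same file before one is renamed or copied over the other.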

#15 kinde

kinde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 13 May 2012 - 05:14 PM

Thanks again for helping me, and here is the log:


OTL logfile created on: 14.5.2012 0:04:26 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Kinde\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,71% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,32 Gb Total Space | 115,42 Gb Free Space | 59,09% Space Free | Partition Type: NTFS
Drive D: | 37,56 Gb Total Space | 23,81 Gb Free Space | 63,38% Space Free | Partition Type: NTFS

Computer Name: KINDE-EDEDBB325 | User Name: Kinde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kinde\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\Lachesis\razerhid.exe ()
PRC - C:\Program Files\Razer\Lachesis\razertra.exe ()
PRC - C:\Program Files\Razer\Lachesis\OSD.exe (razercfg MFC Application)
PRC - C:\Program Files\Razer\Lachesis\razerofa.exe (Razer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12051301\algo.dll ()
MOD - C:\Program Files\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nview\nvShell.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Razer\Lachesis\razerhid.exe ()
MOD - C:\Program Files\Razer\Lachesis\razertra.exe ()


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ScsiAccess) -- C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (nisvwb) -- System32\drivers\cggvnpng.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Kinde\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxDrv) -- C:\WINDOWS\system32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxUSBMon) -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys (Oracle Corporation)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (LachesisFltr) -- C:\WINDOWS\system32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Analog Devices, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (USBCM) -- C:\WINDOWS\system32\drivers\Sacm2A.sys ( )
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ba"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.http: "77.77.193.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@verimatrix.com/ViewRightWeb: C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Kinde\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Kinde\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@verimatrix.com/ViewRightWeb: C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012.03.23 01:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012.03.25 20:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.04.26 19:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.28 14:18:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.02 16:00:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012.03.23 13:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kinde\Application Data\Mozilla\Extensions
[2012.03.23 13:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kinde\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.05.13 15:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kinde\Application Data\Mozilla\Firefox\Profiles\9kg0sbhd.default\extensions
[2012.05.13 15:14:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Kinde\Application Data\Mozilla\Firefox\Profiles\9kg0sbhd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.03.28 14:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.28 14:18:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.03.28 14:19:08 | 001,331,409 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KINDE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9KG0SBHD.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.03.28 20:36:42 | 000,004,548 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KINDE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9KG0SBHD.DEFAULT\EXTENSIONS\SUPPORT@FREE-HIDEIP.COM.XPI
[2012.04.02 17:03:12 | 000,031,748 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KINDE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9KG0SBHD.DEFAULT\EXTENSIONS\WEBMASTER@KEEP-TUBE.COM.XPI
[2012.03.25 20:10:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.03.13 06:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.25 20:10:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008.09.10 21:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008.09.10 21:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2012.03.13 06:38:32 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:38:32 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012.03.13 06:38:32 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.03.13 06:38:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012.03.13 06:38:32 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: YouTube mp3 = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkonfbfckdamohdkmechhhnnoblpbena\1.0_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kinde\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.05.09 17:19:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FEAAF2A-CE1D-4E1F-AE1F-E9739BA074E8}: DhcpNameServer = 77.77.192.10 77.78.192.10 94.140.66.194
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kinde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kinde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.23 01:11:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.13 23:55:43 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kinde\Desktop\OTL.exe
[2012.05.11 14:24:55 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\hkcmd.exe
[2012.05.10 19:10:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.09 19:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Accessdiver
[2012.05.09 19:23:59 | 002,103,406 | ---- | C] (Jean Fages ) -- C:\Documents and Settings\Kinde\Desktop\ad4.281.installer.exe
[2012.05.09 17:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.05.09 17:13:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.05.09 17:11:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.05.09 17:11:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.05.09 17:11:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.05.09 17:11:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.05.09 17:11:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.05.09 17:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.09 17:06:06 | 004,488,685 | R--- | C] (Swearware) -- C:\Documents and Settings\Kinde\Desktop\comfix.exe
[2012.05.09 13:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\My Documents\KONAMI
[2012.05.09 13:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
[2012.05.09 13:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI
[2012.05.09 13:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2012.05.09 12:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Desktop\gns-pe11
[2012.05.09 12:44:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kinde\Application Data\SecuROM
[2012.05.08 17:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012.05.08 17:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\BitTorrent
[2012.05.08 15:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Desktop\rinput131
[2012.05.08 15:00:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kinde\Desktop\aswMBR.exe
[2012.05.07 21:46:08 | 000,021,992 | ---- | C] (CPUID) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys
[2012.05.07 21:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2012.05.07 21:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.05.07 21:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\My Documents\nibit
[2012.05.07 15:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Razer
[2012.05.07 15:35:14 | 000,249,856 | ---- | C] (Razer Inc.) -- C:\WINDOWS\System32\Lachesis.cpl
[2012.05.07 15:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\InstallShield
[2012.05.06 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\FileZilla
[2012.05.06 21:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012.05.06 21:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.05.06 15:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
[2012.05.04 17:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Desktop\Geog
[2012.05.03 18:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Start Menu\Programs\Photo Zoom Pro
[2012.05.03 18:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo Zoom Pro
[2012.05.03 18:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomPro
[2012.05.03 18:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
[2012.05.03 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.01 01:58:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kinde\Recent
[2012.04.26 22:11:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kinde\Start Menu\Programs\Administrative Tools
[2012.04.26 21:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Desktop\tdsskiller
[2012.04.26 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012.04.26 19:08:58 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.04.26 19:08:58 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.04.26 19:08:56 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.04.26 19:08:55 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.04.26 19:08:55 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.04.26 19:08:53 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.04.26 19:08:53 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.04.26 19:08:52 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.04.26 19:08:18 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.04.26 19:08:16 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.04.26 19:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.04.26 19:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.04.26 15:41:24 | 000,000,000 | ---D | C] -- C:\gmer
[2012.04.25 13:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\Malwarebytes
[2012.04.25 13:35:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.25 13:35:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.04.24 21:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Geeks3D
[2012.04.24 21:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Geeks3D
[2012.04.24 21:05:41 | 000,000,000 | ---D | C] -- C:\ldiag
[2012.04.24 20:57:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012.04.24 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.04.24 19:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2012.04.24 19:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
[2012.04.24 19:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\FreeStone Group
[2012.04.24 19:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Video Card Stability Test
[2012.04.24 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Start Menu\Programs\Video Card Stability Test
[2012.04.24 18:55:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.04.24 17:08:02 | 000,020,240 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042Kbd.sys
[2012.04.24 17:06:30 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2012.04.23 17:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Desktop\slike za projekat
[2012.04.23 16:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\ts3overlay
[2012.04.23 15:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Local Settings\Application Data\PokItUploadHistory
[2012.04.22 23:05:12 | 000,000,000 | ---D | C] -- C:\dezender
[2012.04.21 14:58:30 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012.04.21 14:58:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012.04.21 14:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Local Settings\Application Data\Microsoft Corporation
[2012.04.21 14:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012.04.21 14:53:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kinde\PrivacIE
[2012.04.21 14:52:11 | 003,293,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2012.04.21 14:52:11 | 002,482,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2012.04.21 14:52:11 | 002,383,872 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4icd32.dll
[2012.04.21 14:52:11 | 001,563,776 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2012.04.21 14:52:11 | 001,437,696 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ig4dev32.dll
[2012.04.21 14:52:11 | 000,528,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2012.04.21 14:52:11 | 000,200,704 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2012.04.21 14:52:11 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2012.04.21 14:52:11 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2012.04.21 14:52:11 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2012.04.21 14:52:11 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2012.04.21 14:52:11 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2012.04.21 14:52:11 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2012.04.21 14:52:11 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2012.04.21 14:52:11 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2012.04.21 14:52:11 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2012.04.21 14:52:11 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2012.04.21 14:52:11 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2012.04.21 14:52:11 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2012.04.21 14:52:11 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2012.04.21 14:52:11 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2012.04.21 14:52:11 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2012.04.21 14:52:11 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2012.04.21 14:52:11 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2012.04.21 14:52:11 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2012.04.21 14:52:11 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2012.04.21 14:52:11 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2012.04.21 14:52:11 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2012.04.21 14:52:11 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2012.04.21 14:52:11 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.vir
[2012.04.21 14:52:11 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2012.04.21 14:52:11 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2012.04.21 14:52:11 | 000,149,504 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2012.04.21 14:52:11 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2012.04.21 14:52:11 | 000,131,072 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2012.04.21 14:52:11 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2012.04.21 14:52:11 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2012.04.21 14:52:11 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2012.04.21 14:52:11 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2012.04.21 14:52:11 | 000,102,400 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2012.04.21 14:52:11 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2012.04.21 14:52:11 | 000,046,080 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2012.04.21 14:52:11 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2012.04.21 14:52:09 | 000,389,120 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2012.04.21 14:52:09 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2012.04.21 14:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012.04.21 14:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2012.04.21 14:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Start Menu\Programs\SpeedFan
[2012.04.20 20:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2012.04.17 19:00:49 | 000,000,000 | ---D | C] -- C:\games
[2012.04.17 15:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TNod User & Password Finder
[2012.04.17 15:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\TNod User & Password Finder
[2012.04.16 18:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\Syntrillium
[2012.04.16 18:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.1
[2012.04.16 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\coolpro2
[2012.04.15 01:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\Verimatrix
[2012.04.15 01:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Verimatrix
[2012.04.15 01:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verimatrix
[2012.04.14 16:25:08 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2012.04.14 16:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic Bullet Looks Vegas
[2012.04.14 16:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Bullet Looks Vegas
[2012.04.14 16:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\LooksBuilder
[2012.04.14 16:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\Publish Providers
[2012.04.14 16:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Local Settings\Application Data\Sony
[2012.04.14 16:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
[2012.04.14 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.04.14 16:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012.04.14 16:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\Sony
[2012.04.14 15:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\My Documents\Adobe
[2012.04.14 15:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2012.04.14 15:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2012.04.14 15:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2012.04.14 15:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2012.04.14 15:39:50 | 000,417,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012.04.14 15:39:50 | 000,372,736 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2012.04.14 15:39:50 | 000,339,968 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2012.04.14 15:39:50 | 000,172,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2012.04.14 15:39:50 | 000,028,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2012.04.14 02:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kinde\Application Data\TightVNC
[2012.04.14 02:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2012.04.14 02:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TightVNC
[2012.04.14 01:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Xycod
[2012.04.14 01:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\esellerate

========== Files - Modified Within 30 Days ==========

[2012.05.14 00:03:27 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Kinde\Local Settings\Application Data\PUTTY.RND
[2012.05.14 00:02:57 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Kinde\Application Data\winscp.rnd
[2012.05.14 00:00:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5BCFD273-95D9-413F-84D8-3AC98EFD3F69}.job
[2012.05.13 23:55:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kinde\Desktop\OTL.exe
[2012.05.13 23:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.13 23:30:03 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2139871995-1801674531-1003UA.job
[2012.05.13 22:30:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-2139871995-1801674531-1003Core.job
[2012.05.13 20:39:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.11 14:49:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\MBR.dat
[2012.05.09 20:19:51 | 000,431,524 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.09 20:19:51 | 000,067,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.09 20:04:16 | 000,294,612 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.05.09 20:04:16 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.05.09 19:24:12 | 000,001,568 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\AccessDiver.lnk
[2012.05.09 19:24:03 | 002,103,406 | ---- | M] (Jean Fages ) -- C:\Documents and Settings\Kinde\Desktop\ad4.281.installer.exe
[2012.05.09 17:19:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.05.09 17:13:35 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012.05.09 17:06:23 | 004,488,685 | R--- | M] (Swearware) -- C:\Documents and Settings\Kinde\Desktop\comfix.exe
[2012.05.08 17:44:32 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.08 17:41:25 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.05.08 15:24:26 | 000,294,612 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.05.08 15:00:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kinde\Desktop\aswMBR.exe
[2012.05.07 22:11:57 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012.05.07 21:46:08 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
[2012.05.05 11:30:13 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\Google Chrome.lnk
[2012.05.05 11:30:13 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Kinde\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.05.03 22:57:47 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Kinde\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.03 22:47:24 | 077,088,995 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.pxc
[2012.05.03 18:55:43 | 001,620,299 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.psh
[2012.05.03 18:27:48 | 000,000,005 | ---- | M] () -- C:\WINDOWS\ppAppDrive.ini
[2012.05.03 18:27:33 | 000,000,005 | ---- | M] () -- C:\Fade.ini
[2012.05.03 18:17:48 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2012.05.03 15:27:24 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\CS 1.6 FULL v42.lnk
[2012.05.02 23:58:50 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\Team Fortress 2.url
[2012.05.02 23:34:32 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\CSPromod BETA 1.08.url
[2012.04.27 23:37:39 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Kinde\Application Data\PUTTY.RND
[2012.04.26 22:15:26 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\attach.zip
[2012.04.26 22:05:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kinde\defogger_reenable
[2012.04.26 21:47:36 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2012.04.26 19:08:59 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.04.26 18:19:15 | 000,160,411 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\ts3_clientui-win32-1334913258-2012-04-26 18_19_15.265625.dmp
[2012.04.25 14:09:06 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.04.25 14:09:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.25 13:35:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.25 13:23:06 | 000,244,237 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\Thank You for Your Purchase - Domain Registration, Website Design & Web Hosting at Register.pdf
[2012.04.25 13:06:42 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\SecurityCheck.exe
[2012.04.24 21:08:02 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\FurMark.lnk
[2012.04.24 19:19:56 | 000,006,304 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.04.24 19:01:47 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\Video Card Stability Test.lnk
[2012.04.22 22:23:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.22 12:43:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.04.21 18:04:35 | 001,620,299 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.bak
[2012.04.21 17:59:22 | 001,321,905 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b01
[2012.04.21 17:24:02 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\windiag.iso
[2012.04.21 14:57:41 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2012.04.21 14:36:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Kinde\Desktop\SpeedFan.lnk
[2012.04.21 14:36:13 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012.04.20 19:51:03 | 001,273,057 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b02
[2012.04.20 19:47:50 | 001,273,001 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b03
[2012.04.20 19:46:21 | 001,273,001 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b04
[2012.04.17 23:09:11 | 000,002,651 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\server.cfg
[2012.04.17 21:46:37 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\live.cfg
[2012.04.17 21:08:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\listip.cfg
[2012.04.17 21:08:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\banned.cfg
[2012.04.17 15:58:02 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Update NOD32 license.lnk
[2012.04.16 19:59:01 | 001,272,846 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b05
[2012.04.16 19:56:18 | 001,272,840 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b06
[2012.04.16 19:55:11 | 001,272,830 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b07
[2012.04.16 19:54:09 | 001,272,833 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b08
[2012.04.16 19:52:16 | 001,272,809 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b09
[2012.04.16 18:05:26 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.1.lnk
[2012.04.15 21:26:06 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\knife.cfg
[2012.04.15 21:25:52 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\smoke.cfg
[2012.04.15 17:46:28 | 000,000,269 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\sqillachi.ini
[2012.04.15 17:12:55 | 000,001,113 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\advertisements.ini
[2012.04.15 12:30:23 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Kinde\My Documents\spider.sav
[2012.04.14 15:39:23 | 000,417,792 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012.04.14 15:39:23 | 000,372,736 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2012.04.14 15:39:23 | 000,339,968 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2012.04.14 15:39:23 | 000,172,032 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2012.04.14 15:39:23 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\pxhpinst.exe
[2012.04.14 15:39:23 | 000,028,672 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll

========== Files Created - No Company Name ==========

[2012.05.09 19:24:12 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\Kinde\Start Menu\Programs\AccessDiver.lnk
[2012.05.09 19:24:12 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\AccessDiver.lnk
[2012.05.09 17:13:35 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012.05.09 17:13:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.05.09 17:11:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.05.09 17:11:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.05.09 17:11:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.05.09 17:11:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.05.09 17:11:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.05.09 13:15:46 | 015,233,024 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\dt05_g.img
[2012.05.07 21:46:08 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID HWMonitor.lnk
[2012.05.03 18:27:48 | 000,000,005 | ---- | C] () -- C:\WINDOWS\ppAppDrive.ini
[2012.05.03 18:27:06 | 000,000,005 | ---- | C] () -- C:\Fade.ini
[2012.05.03 18:17:48 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2012.05.02 23:58:50 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\Team Fortress 2.url
[2012.05.02 23:34:32 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\CSPromod BETA 1.08.url
[2012.04.27 23:37:39 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kinde\Application Data\PUTTY.RND
[2012.04.26 22:15:26 | 000,002,665 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\attach.zip
[2012.04.26 22:05:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kinde\defogger_reenable
[2012.04.26 19:08:59 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.04.26 18:19:15 | 000,160,411 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\ts3_clientui-win32-1334913258-2012-04-26 18_19_15.265625.dmp
[2012.04.25 14:01:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\MBR.dat
[2012.04.25 13:35:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.25 13:23:06 | 000,244,237 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\Thank You for Your Purchase - Domain Registration, Website Design & Web Hosting at Register.pdf
[2012.04.25 13:06:41 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\SecurityCheck.exe
[2012.04.24 21:08:02 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\FurMark.lnk
[2012.04.24 19:15:06 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2012.04.24 19:01:47 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\Video Card Stability Test.lnk
[2012.04.24 17:13:10 | 000,135,168 | ---- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2012.04.24 17:13:10 | 000,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2012.04.24 17:13:10 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2012.04.21 17:24:01 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\windiag.iso
[2012.04.21 14:57:41 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012.04.21 14:57:41 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2012.04.21 14:54:16 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5BCFD273-95D9-413F-84D8-3AC98EFD3F69}.job
[2012.04.21 14:52:11 | 000,650,608 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2012.04.21 14:52:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2012.04.21 14:52:11 | 000,024,784 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012.04.21 14:52:11 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012.04.21 14:52:09 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2012.04.21 14:52:09 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2012.04.21 14:36:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\SpeedFan.lnk
[2012.04.21 14:36:11 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012.04.20 20:36:23 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Kinde\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.17 23:09:33 | 000,002,651 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\server.cfg
[2012.04.17 21:08:48 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\live.cfg
[2012.04.17 21:08:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\listip.cfg
[2012.04.17 21:08:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\banned.cfg
[2012.04.17 19:07:32 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Kinde\Desktop\CS 1.6 FULL v42.lnk
[2012.04.17 15:58:02 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Update NOD32 license.lnk
[2012.04.16 18:05:26 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cool Edit Pro 2.1.lnk
[2012.04.15 21:26:06 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\knife.cfg
[2012.04.15 21:25:52 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\smoke.cfg
[2012.04.15 17:46:28 | 000,000,269 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\sqillachi.ini
[2012.04.14 17:05:08 | 077,088,995 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.pxc
[2012.04.14 17:05:08 | 001,620,299 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.psh
[2012.04.14 17:05:08 | 001,620,299 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.bak
[2012.04.14 17:05:08 | 001,321,905 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b01
[2012.04.14 17:05:08 | 001,273,057 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b02
[2012.04.14 17:05:08 | 001,273,001 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b04
[2012.04.14 17:05:08 | 001,273,001 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b03
[2012.04.14 17:05:08 | 001,272,846 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b05
[2012.04.14 17:05:08 | 001,272,840 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b06
[2012.04.14 17:05:08 | 001,272,833 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b08
[2012.04.14 17:05:08 | 001,272,830 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b07
[2012.04.14 17:05:08 | 001,272,809 | ---- | C] () -- C:\Documents and Settings\Kinde\My Documents\A&E.b09
[2012.04.14 15:42:31 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2012.04.14 15:41:00 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Premiere Pro 2.0.lnk
[2012.04.14 15:39:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2012.04.14 01:16:22 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PWS 3 32.lnk
[2012.04.13 18:40:23 | 000,056,840 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.03.23 15:45:06 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kinde\Local Settings\Application Data\PUTTY.RND
[2012.03.23 15:24:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Kinde\Application Data\winscp.rnd
[2012.03.23 14:09:57 | 000,294,612 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.03.23 14:09:57 | 000,294,612 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.03.23 14:09:57 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.03.23 14:09:20 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.03.23 14:05:21 | 000,006,304 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.23 14:01:04 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2012.03.23 13:58:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012.03.23 02:03:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.03.23 02:02:31 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.23 01:43:54 | 000,223,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012.03.23 01:18:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.03.23 01:16:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012.03.23 01:14:13 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.03.23 01:14:10 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.03.23 01:14:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.03.23 01:14:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2012.03.23 01:14:07 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.03.23 01:08:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012.04.26 19:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.03.23 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012.03.28 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2012.05.09 13:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2012.03.28 13:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2012.05.07 15:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2012.04.13 18:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012.04.14 16:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012.04.15 01:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verimatrix
[2012.04.14 01:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xycod
[2012.05.08 17:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\BitTorrent
[2012.05.14 00:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\FileZilla
[2012.03.28 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\FreeHideIP
[2012.04.24 19:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\FreeStone Group
[2012.05.13 19:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\HLSW
[2012.03.28 13:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\Netscape
[2012.03.23 14:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\Notepad++
[2012.03.28 13:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\Photodex
[2012.03.30 20:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\PhotoScape
[2012.04.14 16:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\Publish Providers
[2012.04.14 16:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\Sony
[2012.03.28 15:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\TeamViewer
[2012.04.14 02:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\TightVNC
[2012.04.23 16:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\ts3overlay
[2012.05.08 17:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\uTorrent
[2012.04.15 01:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\Verimatrix
[2012.03.26 09:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kinde\Application Data\YaTQA
[2012.05.14 00:00:27 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5BCFD273-95D9-413F-84D8-3AC98EFD3F69}.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Documents and Settings\Kinde\My Documents\modified XP\I386\sp2.cab:AGP440.sys
[2009.06.11 20:02:30 | 017,778,292 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Documents and Settings\Kinde\My Documents\modified XP\I386\sp2.cab:atapi.sys
[2009.06.11 20:02:30 | 017,778,292 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< End of report >


And here is the log from Extras.txt:
Attached file: Extras.Txt (39.92KB)

Edited by kinde, 13 May 2012 - 05:15 PM.
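An added example, not part of kinde's post and not OTL's own code: a small Python parser for the "< MD5 for: ... >" custom-scan blocks in the log above. For each file it groups the hashed copies (system32\drivers, dllcache, ERDNT\cache, ReinstallBackups) by MD5 and flags any file whose copies disagree, which is the question those OTL lines are there to answer. The sample input reuses the ATAPI.SYS and EVENTLOG.DLL lines from the log and adds one constructed CONSTRUCTED.SYS block with made-up hashes so that the mismatch branch is exercised; the function and field names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: the ATAPI.SYS and EVENTLOG.DLL blocks are copied from the
# OTL log in the post above; the CONSTRUCTED.SYS block and its two hashes are
# made up so the mismatch path has something to report.
SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Documents and Settings\Kinde\My Documents\modified XP\I386\sp2.cab:atapi.sys
[2009.06.11 20:02:30 | 017,778,292 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: CONSTRUCTED.SYS >
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\constructed.sys
[2012.05.09 17:10:00 | 000,098,304 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\constructed.sys
"""

# "< MD5 for: ATAPI.SYS >" section header as printed by OTL's custom scan.
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# One OTL entry: [mtime | size | attrs | M/C] (company) MD5=... -- path
# .cab members are listed without a hash, hence the alternation.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Za-z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) |\.cab file )-- (?P<path>.+)$"
)


def parse_md5_sections(text):
    """Return {filename_lower: [entry dicts]} for every '< MD5 for: X >' block."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current is None:
            continue  # unrelated line, or an entry before any header
        sections[current].append({
            "mtime": entry.group("mtime"),
            "size": int(entry.group("size").replace(",", "")),
            "company": entry.group("company").strip(),
            "md5": entry.group("md5").upper() if entry.group("md5") else None,
            "path": entry.group("path"),
        })
    return sections


def check_consistency(sections):
    """For each file, group hashed copies by MD5 and flag any disagreement."""
    report = {}
    for name, entries in sections.items():
        by_hash = defaultdict(list)
        for e in entries:
            if e["md5"]:  # .cab members carry no MD5 in OTL output, skip them
                by_hash[e["md5"]].append(e["path"])
        report[name] = {
            "copies": sum(len(paths) for paths in by_hash.values()),
            "by_hash": dict(by_hash),
            "consistent": len(by_hash) <= 1,
            # hashed copies with an empty company string (no version info)
            "no_company": [e["path"] for e in entries if e["md5"] and not e["company"]],
        }
    return report


if __name__ == "__main__":
    for name, r in check_consistency(parse_md5_sections(SAMPLE)).items():
        status = "OK      " if r["consistent"] else "MISMATCH"
        print(f"{status} {name}: {r['copies']} hashed copies, {len(r['by_hash'])} distinct MD5")
        if not r["consistent"]:
            for md5, paths in r["by_hash"].items():
                print(f"    {md5}  " + ", ".join(paths))
```

Two caveats when reading the result. Agreement across dllcache, ERDNT\cache and system32\drivers only shows the copies are consistent with each other; an infector that rewrites every copy, or one that filters disk reads so every copy reads back clean, passes this check, so the hash still needs to be compared against a known-good value from the original installation media. And the sp2.cab/sp3.cab lines in the log carry no MD5 at all, so OTL is listing the cab members, not comparing them.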
