ensuring no more trojans and malware on my PC


This topic is locked
35 replies to this topic

#1 Alfik
  • Members
  • 25 posts

Posted 11 January 2013 - 07:53 AM

Hello,

My PC got infected by Olmasco.O (detected by ESET Smart Security). I followed this topic and all the instructions: http://www.bleepingcomputer.com/forums/topic462024.html

My PC is running much better now, but it is still a bit slow. Also, this Windows update cannot be installed (the Automatic Updates service says it could not be installed):
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2742597)

Can you please help me ensure that my PC is "clean" now?

Thank you.

#2 nasdaq
  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 January 2013 - 10:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Wait for further instructions.

#3 Alfik
  • Topic Starter
  • Members
  • 25 posts

Posted 13 January 2013 - 04:58 PM

Hello nasdaq,

First, thank you for taking over my topic.

I would like to add that there is a message popping up on a blue screen before Windows starts up; it says:
"stera program not found - skipping AUTOCHECK"

Also, I already installed Windows update "KB2742597" manually.
I have ESET SC6 installed on my PC.

Here is DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
Run by Buddy at 22:51:22 on 2013-01-13
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1022.318 [GMT 1:00]
.
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Buddy\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download &Flash Movies - c:\program files\flash2x\flash hunter\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} - <orphaned>
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\software602\print2pdf\Print602.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/a/d/e/ade837f3-8e2d-4eca-9e4f-f0fcc750ab87/VirtualEarth3D.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357915608937
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
TCP: NameServer = 195.34.133.21 192.168.4.1
TCP: Interfaces\{D9754F8F-6338-4398-B7C8-DA0214490F45} : DHCPNameServer = 195.34.133.21 192.168.4.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\buddy\application data\mozilla\firefox\profiles\qnpimw5m.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\buddy\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-10-8 121216]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-11-26 1329304]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2005-8-16 69120]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776]
R4 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
R4 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S2 gupdate1c9b2e5c73b1444;Služba Google Update (gupdate1c9b2e5c73b1444);c:\program files\google\update\GoogleUpdate.exe [2009-4-1 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-9 682344]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-9 398184]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2012-6-19 38608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-9 21104]
S3 ntportio;ntportio;\??\c:\docume~1\buddy\locals~1\temp\u\1204835518\ntportio.sys --> c:\docume~1\buddy\locals~1\temp\u\1204835518\ntportio.sys [?]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2012-3-10 131888]
S3 Tetris;Tetris driver;c:\windows\system32\drivers\tetris.sys --> c:\windows\system32\drivers\Tetris.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office10\FRONTPG.EXE
ShellExec: Mediahub.exe: open=blank
.
=============== Created Last 30 ================
.
2013-01-13 21:41:02 -------- d-----w- c:\program files\ESET
2013-01-13 20:31:49 328704 ----a-w- c:\windows\IsUn0407.exe
2013-01-13 16:16:35 -------- d-----w- c:\documents and settings\buddy\application data\AVG
2013-01-13 16:01:34 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-01-13 16:00:27 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-13 11:24:20 -------- d-----w- c:\documents and settings\buddy\application data\TuneUp Software
2013-01-13 11:22:20 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-01-13 11:19:46 -------- d-----w- c:\program files\AVG
2013-01-13 11:15:49 -------- d-----w- c:\documents and settings\buddy\local settings\application data\MFAData
2013-01-13 11:15:49 -------- d-----w- c:\documents and settings\buddy\local settings\application data\Avg2013
2013-01-13 11:15:49 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-01-11 20:13:06 -------- d-----r- C:\Sandbox
2013-01-11 20:11:29 -------- d-----w- c:\program files\Sandboxie
2013-01-11 18:23:27 -------- d-----w- c:\documents and settings\buddy\application data\Windows Search
2013-01-11 15:00:55 -------- d-----w- c:\windows\system32\GroupPolicy
2013-01-11 14:59:00 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2013-01-11 14:58:59 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2013-01-11 14:58:59 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2013-01-11 14:26:26 -------- d-----w- c:\windows\system32\URTTEMP
2013-01-11 14:23:29 866176 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-01-11 14:23:29 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-01-11 12:39:32 -------- d-----w- c:\documents and settings\buddy\application data\ElevatedDiagnostics
2013-01-10 23:14:34 -------- d-----w- c:\documents and settings\buddy\local settings\application data\PCHealth
2013-01-10 20:39:13 -------- dc-h--w- c:\windows\ie8
2013-01-10 19:53:33 -------- d-----w- c:\documents and settings\buddy\local settings\application data\Sun
2013-01-10 19:50:54 92208 ----a-w- c:\program files\mozilla firefox\smime3.dll
2013-01-10 19:50:54 22064 ----a-w- c:\program files\mozilla firefox\plc4.dll
2013-01-10 19:50:54 21552 ----a-w- c:\program files\mozilla firefox\plds4.dll
2013-01-10 19:50:54 17456 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2013-01-10 19:50:54 152112 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-01-10 19:50:53 96816 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-01-10 19:50:53 271920 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-01-10 19:50:53 19504 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2013-01-10 19:50:53 157864 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-01-10 19:50:53 155696 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2013-01-10 19:50:45 17798192 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-01-10 18:27:42 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-10 18:27:42 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-10 18:27:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-10 18:27:19 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-09 21:10:25 -------- d-----w- c:\program files\VS Revo Group
2013-01-09 17:40:15 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-09 17:32:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-09 17:32:47 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-09 17:32:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 22:55:51,70 ===============

#4 nasdaq
  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 January 2013 - 10:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This is for my reference only. I need to check further on this after I have seen the other logs requested below.

Stera problem... check version of operating system ... for Platform: Windows XP SP2

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00

topic:
http://www.malwareremoval.com/forum/viewtopic.php?f=12&t=26262&sid=d6224c3fa1fa6d88d81e6928feabd552&start=30


==================
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as smlook.bat. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

regedit /e C:\smlook.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
start notepad C:\smlook.txt



; Double-click on smlook.bat and run it. The Command Prompt will open and close quickly; this is normal. Notepad will open shortly afterwards. Please post the contents of this Notepad file in your next reply.

Delete the smlook.bat and smlook.txt files when done.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.
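The "stera program not found - skipping AUTOCHECK" message and the BootExecute fix above are about the same registry value: Session Manager runs every entry of HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute before any driver or service starts, and an entry that names a program no longer on disk is the usual reason for a "program not found" line at boot. The following is an added example, not code from BleepingComputer, from nasdaq, or from any of the tools named in this thread. It parses the text that "regedit /e" writes (what smlook.bat opens in Notepad), decodes the REG_MULTI_SZ BootExecute value from its hex(7) form, flags every entry other than the stock "autocheck autochk *", and builds a restoring .reg file equivalent to the one posted above. The restoring .reg text is copied from the post; the "infected" export is constructed here to carry the value ComboFix later reported in this thread. The parser covers only what regedit writes for this key (quoted value names, hex(7) data with backslash continuation lines), not the full .reg grammar.

```python
"""Decode and check the Session Manager BootExecute value from a regedit export.

Added example for this thread; not code from BleepingComputer, nasdaq, or any
tool named above. Every sample export here is either copied from the thread or
constructed in this file.
"""
import re

SESSION_MANAGER_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
)
DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]

# The restoring .reg text posted in this thread, copied verbatim.
THREAD_FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
"""


def encode_multi_sz(entries):
    """REG_MULTI_SZ on disk: UTF-16LE strings, each NUL-terminated, plus one
    extra NUL that closes the list."""
    return "".join(e + "\0" for e in entries).encode("utf-16-le") + b"\0\0"


def decode_multi_sz(raw):
    """Inverse of encode_multi_sz; empty strings are terminators, not entries."""
    return [s for s in raw.decode("utf-16-le").split("\0") if s]


def reg_hex7(entries, per_line=25):
    """Render REG_MULTI_SZ bytes the way regedit exports them: "hex(7):" then
    comma-separated bytes, wrapped with a trailing backslash and a two-space
    indent on continuation lines."""
    hexbytes = ["%02x" % b for b in encode_multi_sz(entries)]
    lines = [",".join(hexbytes[i:i + per_line])
             for i in range(0, len(hexbytes), per_line)]
    return "hex(7):" + ",\\\n  ".join(lines)


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_value_text}} from regedit export text."""
    # Undo regedit's line wrapping: a trailing backslash continues the value on
    # the next line, which regedit indents with two spaces.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"(?P<name>[^"]+)"=(?P<value>.*)$', line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("value")
    return keys


def bootexecute_entries(export_text):
    """Decode BootExecute from an export of the Session Manager key; None if
    the value is absent from the export."""
    values = parse_reg_export(export_text).get(SESSION_MANAGER_KEY, {})
    raw = values.get("BootExecute")
    if raw is None:
        return None
    if not raw.lower().startswith("hex(7):"):
        raise ValueError("BootExecute is not REG_MULTI_SZ: " + raw)
    data = bytes(int(h, 16) for h in raw[len("hex(7):"):].split(",") if h)
    return decode_multi_sz(data)


def unexpected_bootexecute(export_text):
    """Entries other than the stock autochk line: each names a program that
    Session Manager will try to run before any driver or service starts."""
    entries = bootexecute_entries(export_text) or []
    return [e for e in entries if e not in DEFAULT_BOOTEXECUTE]


def restore_reg(entries=DEFAULT_BOOTEXECUTE):
    """Build a .reg file that sets BootExecute to exactly the given entries."""
    return ("Windows Registry Editor Version 5.00\n\n"
            "[" + SESSION_MANAGER_KEY + "]\n"
            '"BootExecute"=' + reg_hex7(entries) + "\n")


# Constructed sample shaped like smlook.txt, carrying the value ComboFix
# reported later in this thread: the stock line followed by "autocheck stera".
INFECTED_EXPORT = ("Windows Registry Editor Version 5.00\n\n"
                   "[" + SESSION_MANAGER_KEY + "]\n"
                   '"BootExecute"=' + reg_hex7(DEFAULT_BOOTEXECUTE + ["autocheck stera"]) + "\n"
                   '"CriticalSectionTimeout"=dword:00278d00\n')

if __name__ == "__main__":
    for label, export in (("thread fix", THREAD_FIX_REG), ("infected sample", INFECTED_EXPORT)):
        print(label, "->", bootexecute_entries(export),
              "unexpected:", unexpected_bootexecute(export))
    print(restore_reg())
```

Run it against a real smlook.txt by reading the file (regedit writes it as UTF-16 with a BOM, so open it with encoding="utf-16") and passing the text to unexpected_bootexecute(); an empty list means only the stock autochk line is present. Merging the output of restore_reg() is what the posted .reg does: it replaces the whole value, so any extra entry disappears along with the boot-time message.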

#5 Alfik
  • Topic Starter
  • Members
  • 25 posts

Posted 14 January 2013 - 12:23 PM

Hello,

Unfortunately, the problem persists.

Also, there is a "New Hardware Found" wizard opening after Windows starts up (this problem started recently and was present before I followed your instructions; sorry, I forgot to mention it).

Here are the logs:

ComboFix 13-01-14.01 - Buddy . 01. 2013 17:31:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1022.416 [GMT 1:00]
Running from: c:\documents and settings\Buddy\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Buddy\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmp
c:\documents and settings\Buddy\Local Settings\temp\clclean.0001.dir.0002\~df394b.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-13 21:41 . 2013-01-13 21:41 -------- d-----w- c:\program files\ESET
2013-01-13 21:41 . 2013-01-13 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-01-13 16:16 . 2013-01-13 16:16 -------- d-----w- c:\documents and settings\Buddy\Application Data\AVG
2013-01-13 16:01 . 2013-01-13 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-01-13 16:00 . 2013-01-13 16:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-13 11:24 . 2013-01-13 11:24 -------- d-----w- c:\documents and settings\Buddy\Application Data\TuneUp Software
2013-01-13 11:15 . 2013-01-13 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-01-13 11:15 . 2013-01-13 11:15 -------- d-----w- c:\documents and settings\Buddy\Local Settings\Application Data\MFAData
2013-01-12 17:33 . 2013-01-12 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2013-01-12 17:28 . 2013-01-12 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2013-01-11 20:13 . 2013-01-11 20:13 -------- d-----r- C:\Sandbox
2013-01-11 20:11 . 2013-01-11 20:11 -------- d-----w- c:\program files\Sandboxie
2013-01-11 18:23 . 2013-01-11 18:23 -------- d-----w- c:\documents and settings\Buddy\Application Data\Windows Search
2013-01-11 15:04 . 2013-01-11 15:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-01-11 15:00 . 2013-01-11 15:00 -------- d-----w- c:\windows\system32\GroupPolicy
2013-01-11 14:59 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2013-01-11 14:58 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2013-01-11 14:58 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2013-01-11 14:23 . 2013-01-05 17:19 866176 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-01-11 14:23 . 2013-01-05 03:44 262704 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-01-11 12:39 . 2013-01-11 12:39 -------- d-----w- c:\documents and settings\Buddy\Application Data\ElevatedDiagnostics
2013-01-10 23:14 . 2013-01-10 23:14 -------- d-----w- c:\documents and settings\Buddy\Local Settings\Application Data\PCHealth
2013-01-10 21:12 . 2013-01-10 21:12 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-01-10 21:12 . 2013-01-10 21:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-01-10 20:39 . 2013-01-10 20:41 -------- dc-h--w- c:\windows\ie8
2013-01-10 19:53 . 2013-01-10 19:53 -------- d-----w- c:\documents and settings\Buddy\Local Settings\Application Data\Sun
2013-01-10 19:50 . 2013-01-05 03:44 152112 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2013-01-10 19:50 . 2013-01-05 03:44 92208 ----a-w- c:\program files\Mozilla Firefox\smime3.dll
2013-01-10 19:50 . 2013-01-05 03:44 17456 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2013-01-10 19:50 . 2013-01-05 03:44 21552 ----a-w- c:\program files\Mozilla Firefox\plds4.dll
2013-01-10 19:50 . 2013-01-05 03:44 22064 ----a-w- c:\program files\Mozilla Firefox\plc4.dll
2013-01-10 19:50 . 2013-01-05 03:44 19504 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2013-01-10 19:50 . 2013-01-05 03:44 96816 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-10 19:50 . 2013-01-05 03:44 157864 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-01-10 19:50 . 2013-01-05 03:44 271920 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2013-01-10 19:50 . 2013-01-05 03:44 155696 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2013-01-10 19:50 . 2013-01-05 03:44 17798192 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2013-01-10 18:27 . 2013-01-10 18:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-10 18:27 . 2013-01-10 18:26 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-10 18:27 . 2013-01-10 18:26 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-10 18:27 . 2013-01-10 18:26 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-09 21:10 . 2013-01-09 21:10 -------- d-----w- c:\program files\VS Revo Group
2013-01-09 17:40 . 2013-01-09 17:40 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-09 17:32 . 2013-01-09 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-09 17:32 . 2013-01-09 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-09 17:32 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2005-08-16 04:18 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2005-08-16 04:18 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-09-22 21:41 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2005-08-16 04:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2005-08-16 04:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2005-08-16 04:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2005-08-16 04:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2005-08-16 04:18 385024 ------w- c:\windows\system32\html.iec
2013-01-05 03:44 . 2013-01-11 14:23 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 545552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 5074384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck stera
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" /server
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SNPSTD2"=c:\windows\vsnpstd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12540:TCP"= 12540:TCP:torrrent
"11801:TCP"= 11801:TCP:BitComet 11801 TCP
"11801:UDP"= 11801:UDP:BitComet 11801 UDP
"16820:TCP"= 16820:TCP:BitComet 16820 TCP
"16820:UDP"= 16820:UDP:BitComet 16820 UDP
"8829:TCP"= 8829:TCP:BitComet 8829 TCP
"8829:UDP"= 8829:UDP:BitComet 8829 UDP
"24274:TCP"= 24274:TCP:BitComet 24274 TCP
"24274:UDP"= 24274:UDP:BitComet 24274 UDP
"8574:TCP"= 8574:TCP:BitComet 8574 TCP
"8574:UDP"= 8574:UDP:BitComet 8574 UDP
"8790:TCP"= 8790:TCP:BitComet 8790 TCP
"8790:UDP"= 8790:UDP:BitComet 8790 UDP
"8832:TCP"= 8832:TCP:BitComet 8832 TCP
"8832:UDP"= 8832:UDP:BitComet 8832 UDP
"17592:TCP"= 17592:TCP:BitComet 17592 TCP
"17592:UDP"= 17592:UDP:BitComet 17592 UDP
"17265:TCP"= 17265:TCP:BitComet 17265 TCP
"17265:UDP"= 17265:UDP:BitComet 17265 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 4. 2006 19:06 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8. 10. 2012 8:21 121216]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 11. 2012 13:34 1329304]
S2 gupdate1c9b2e5c73b1444;Služba Google Update (gupdate1c9b2e5c73b1444);c:\program files\Google\Update\GoogleUpdate.exe [1. 4. 2009 17:20 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9. 1. 2013 18:32 682344]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [19. 6. 2012 13:48 38608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9. 1. 2013 18:32 21104]
S3 ntportio;ntportio;\??\c:\docume~1\Buddy\LOCALS~1\Temp\u\1204835518\ntportio.sys --> c:\docume~1\Buddy\LOCALS~1\Temp\u\1204835518\ntportio.sys [?]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [10. 3. 2012 11:46 131888]
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys --> c:\windows\system32\Drivers\Tetris.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17. 12. 2009 15:02 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 16:20]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 16:20]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005Core.job
- c:\documents and settings\Buddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-01 19:22]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005UA.job
- c:\documents and settings\Buddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-01 19:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download &Flash Movies - c:\program files\Flash2X\Flash Hunter\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 192.168.4.1
FF - ProfilePath - c:\documents and settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 17:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3239930355-4236695605-193725191-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3239930355-4236695605-193725191-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A2B390D-3225-9EED-4DBE-C788CA4607D1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oadohldoccfbbfdnmeefckgoejfhkc"=hex:61,69,66,65,63,66,68,65,65,61,67,69,68,68,
61,70,6b,64,61,63,70,6d,6a,6b,65,63,6f,6b,6a,64,6f,62,67,6a,64,6d,6e,6c,6c,\
"iaomnkkogmfnllcgci"=hex:6a,61,6c,62,66,6c,6b,68,6c,62,68,6b,6b,65,6b,66,65,6d,
65,6e,00,00
"haiopimnkhacadgp"=hex:6b,61,6b,62,61,6c,62,70,6a,61,6a,6d,63,66,65,64,62,6c,
61,70,6e,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-01-14 17:51:07
ComboFix-quarantined-files.txt 2013-01-14 16:51
.
Pre-Run: 21 986 918 400 bytes free
Post-Run: 21 976 760 320 bytes free
.
- - End Of File - - 38D7D26E4D9D1C125F91902FE75B3277

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 6.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Windows Defender Signatures
Malwarebytes Anti-Malware verzia 1.70.0.1100
CCleaner
Java 7 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (18.0)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 18:06:57
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Buddy - BUDDYANDSWEETY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Buddy\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (sk)

File : C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [879 octets] - [14/01/2013 18:06:57]
AdwCleaner[S1].txt - [4235 octets] - [09/01/2013 16:07:30]

########## EOF - C:\AdwCleaner[R1].txt - [998 octets] ##########

#6 nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 14 January 2013 - 02:23 PM

Also, there is "new hardware found wizard" opening after Windows starts up (this problem started recently and was present before I followed your instructions - sorry, I forgot to mention it).

What hardware did you connect to this computer last?
Is the wizard mentioning any device?
===

Using the Add/Remove Programs applet, remove these old versions of Java and Flash.
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player 10 Flash Player
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===


Open notepad and copy/paste the text in the quote box below into it:

Driver::
ntportio
Tetris

ClearJavaCache::



Save this as CFScript.txt on your desktop.


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

I would like to add that there is message popping out on blue screen before Windows starts up, it says:
"stera program not found - skipping AUTOCHECK"


I will need to see the log from this tool to remove this blue screen.
  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    • netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

Please post the log.

Let me know what problem persists.
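
The items nasdaq is acting on in the ComboFix log above (the extra `autocheck stera` entry in BootExecute behind the "stera program not found - skipping AUTOCHECK" message, the ntportio driver registered from a user Temp folder, the Tetris driver with no file behind it, Windows Firewall reported off, and the globally open BitComet ports) are exactly what an analyst scans such a log for by eye. As an added example that is not part of this thread and not a BleepingComputer or ComboFix tool, the Python script below applies those same rules to sample lines constructed from the log. The category names and the BootExecute baseline of a single `autocheck autochk *` entry are assumptions made for the example.

```python
"""Triage rules for ComboFix-style log lines.

Added example, not a ComboFix or BleepingComputer tool: it encodes the checks
an analyst applies by eye (unexpected BootExecute entries, drivers registered
from Temp or with no file on disk, Windows Firewall off, globally open ports).
Category names and the BootExecute baseline are assumptions for the example.
"""
import re

# Stock Windows XP runs only autochk from BootExecute (assumed baseline).
BOOT_EXECUTE_BASELINE = {"autocheck autochk *"}

# "R0 sptd;sptd;c:\...\sptd.sys [date size]" -> start type, name, display, rest
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def check_boot_execute(line):
    """Flag every BootExecute entry outside the baseline.

    ComboFix prints the REG_MULTI_SZ separator as a literal backslash-zero,
    so 'autocheck autochk *\\0autocheck stera' is two entries; the second is
    what makes autochk print 'stera program not found - skipping AUTOCHECK'."""
    if not line.startswith("BootExecute"):
        return []
    parts = line.split(maxsplit=2)  # BootExecute, REG_MULTI_SZ, value
    if len(parts) < 3:
        return []
    entries = [e.strip() for e in parts[2].split("\\0") if e.strip()]
    return [("boot_execute", e) for e in entries if e not in BOOT_EXECUTE_BASELINE]


def check_firewall(line):
    """Windows Firewall off is expected when a third-party firewall (here ESET)
    is active, but it is still reported so the analyst confirms that."""
    m = FIREWALL_RE.match(line)
    if m and m.group(1) == "0":
        return [("firewall_disabled", "standardprofile")]
    return []


def check_open_port(line):
    """Each GloballyOpenPorts entry is an inbound exception that outlives the
    application that created it."""
    m = OPEN_PORT_RE.match(line)
    if not m:
        return []
    port, proto, label = m.groups()
    return [("open_port", f"{port}/{proto} {label.strip()}")]


def check_service(line):
    """Flag driver/service entries whose binary lives under a Temp folder or
    which ComboFix could not find on disk (shown as '--> path [?]')."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    _start, name, _display, rest = m.groups()
    findings = []
    if TEMP_PATH_RE.search(rest):
        findings.append(("service_temp_path", name))
    if rest.rstrip().endswith("[?]"):
        findings.append(("service_missing_file", name))
    return findings


CHECKS = (check_boot_execute, check_firewall, check_open_port, check_service)


def triage(log_text):
    """Run every check over every line; returns (category, subject) tuples."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            findings.extend(check(line))
    return findings


# Constructed sample: lines taken from this thread's ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck stera
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12540:TCP"= 12540:TCP:torrrent
"11801:UDP"= 11801:UDP:BitComet 11801 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 4. 2006 19:06 691696]
S3 ntportio;ntportio;\??\c:\docume~1\Buddy\LOCALS~1\Temp\u\1204835518\ntportio.sys --> c:\docume~1\Buddy\LOCALS~1\Temp\u\1204835518\ntportio.sys [?]
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys --> c:\windows\system32\Drivers\Tetris.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17. 12. 2009 15:02 99152]
"""

if __name__ == "__main__":
    for category, subject in triage(SAMPLE_LOG):
        print(f"{category:22} {subject}")
```

Run against the sample it reports the stera BootExecute entry, the disabled standard-profile firewall, both open ports, ntportio twice (Temp path and missing file) and Tetris once, while sptd and VBoxNetAdp pass. The Temp-path rule is the strongest signal of the four: a kernel driver loaded from a user's Temp directory has no legitimate installer behind it, which is why ntportio is the one nasdaq removes with the `Driver::` directive.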

#7 Alfik

  • Topic Starter
  • Members
  • 25 posts
  • OFFLINE
  • Local time:08:22 PM

Posted 15 January 2013 - 04:41 PM

Hello,

The wizard says "Unknown" hardware. I need to hit "Cancel" twice as the same "wizard window" opens twice. I have not connected any hardware lately.

So far, no improvement, all the problems (slow PC, new hardware Wizard window, blue screen) persist.

Here are the logs:

ComboFix 13-01-14.01 - Buddy . 01. 2013 20:12:18.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1022.444 [GMT 1:00]
Running from: c:\documents and settings\Buddy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Buddy\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Buddy\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Buddy\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ntportio
-------\Service_Tetris
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2013-01-13 21:41 . 2013-01-13 21:41 -------- d-----w- c:\program files\ESET
2013-01-13 21:41 . 2013-01-13 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-01-13 16:16 . 2013-01-13 16:16 -------- d-----w- c:\documents and settings\Buddy\Application Data\AVG
2013-01-13 16:01 . 2013-01-13 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-01-13 16:00 . 2013-01-13 16:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-13 11:24 . 2013-01-13 11:24 -------- d-----w- c:\documents and settings\Buddy\Application Data\TuneUp Software
2013-01-13 11:15 . 2013-01-13 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-01-13 11:15 . 2013-01-13 11:15 -------- d-----w- c:\documents and settings\Buddy\Local Settings\Application Data\MFAData
2013-01-12 17:33 . 2013-01-12 17:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2013-01-12 17:28 . 2013-01-12 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2013-01-11 20:13 . 2013-01-11 20:13 -------- d-----r- C:\Sandbox
2013-01-11 20:11 . 2013-01-11 20:11 -------- d-----w- c:\program files\Sandboxie
2013-01-11 18:23 . 2013-01-11 18:23 -------- d-----w- c:\documents and settings\Buddy\Application Data\Windows Search
2013-01-11 15:04 . 2013-01-11 15:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-01-11 15:00 . 2013-01-11 15:00 -------- d-----w- c:\windows\system32\GroupPolicy
2013-01-11 14:59 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2013-01-11 14:58 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2013-01-11 14:58 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2013-01-11 14:23 . 2013-01-05 17:19 866176 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-01-11 14:23 . 2013-01-05 03:44 262704 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-01-11 12:39 . 2013-01-11 12:39 -------- d-----w- c:\documents and settings\Buddy\Application Data\ElevatedDiagnostics
2013-01-10 23:14 . 2013-01-10 23:14 -------- d-----w- c:\documents and settings\Buddy\Local Settings\Application Data\PCHealth
2013-01-10 21:12 . 2013-01-10 21:12 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-01-10 21:12 . 2013-01-10 21:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-01-10 20:39 . 2013-01-10 20:41 -------- dc-h--w- c:\windows\ie8
2013-01-10 19:53 . 2013-01-10 19:53 -------- d-----w- c:\documents and settings\Buddy\Local Settings\Application Data\Sun
2013-01-10 19:50 . 2013-01-05 03:44 152112 ----a-w- c:\program files\Mozilla Firefox\softokn3.dll
2013-01-10 19:50 . 2013-01-05 03:44 92208 ----a-w- c:\program files\Mozilla Firefox\smime3.dll
2013-01-10 19:50 . 2013-01-05 03:44 17456 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2013-01-10 19:50 . 2013-01-05 03:44 21552 ----a-w- c:\program files\Mozilla Firefox\plds4.dll
2013-01-10 19:50 . 2013-01-05 03:44 22064 ----a-w- c:\program files\Mozilla Firefox\plc4.dll
2013-01-10 19:50 . 2013-01-05 03:44 19504 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2013-01-10 19:50 . 2013-01-05 03:44 96816 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-10 19:50 . 2013-01-05 03:44 157864 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-01-10 19:50 . 2013-01-05 03:44 271920 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2013-01-10 19:50 . 2013-01-05 03:44 155696 ----a-w- c:\program files\Mozilla Firefox\ssl3.dll
2013-01-10 19:50 . 2013-01-05 03:44 17798192 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2013-01-10 18:27 . 2013-01-10 18:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-10 18:27 . 2013-01-10 18:26 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-10 18:27 . 2013-01-10 18:26 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-10 18:27 . 2013-01-10 18:26 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-09 21:10 . 2013-01-09 21:10 -------- d-----w- c:\program files\VS Revo Group
2013-01-09 17:40 . 2013-01-09 17:40 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-09 17:32 . 2013-01-09 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-09 17:32 . 2013-01-09 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-09 17:32 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2005-08-16 04:18 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2005-08-16 04:18 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-09-22 21:41 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2005-08-16 04:18 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2005-08-16 04:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2005-08-16 04:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2005-08-16 04:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2005-08-16 04:18 385024 ------w- c:\windows\system32\html.iec
2013-01-05 03:44 . 2013-01-11 14:23 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 545552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 5074384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck stera
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" /server
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SNPSTD2"=c:\windows\vsnpstd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12540:TCP"= 12540:TCP:torrrent
"11801:TCP"= 11801:TCP:BitComet 11801 TCP
"11801:UDP"= 11801:UDP:BitComet 11801 UDP
"16820:TCP"= 16820:TCP:BitComet 16820 TCP
"16820:UDP"= 16820:UDP:BitComet 16820 UDP
"8829:TCP"= 8829:TCP:BitComet 8829 TCP
"8829:UDP"= 8829:UDP:BitComet 8829 UDP
"24274:TCP"= 24274:TCP:BitComet 24274 TCP
"24274:UDP"= 24274:UDP:BitComet 24274 UDP
"8574:TCP"= 8574:TCP:BitComet 8574 TCP
"8574:UDP"= 8574:UDP:BitComet 8574 UDP
"8790:TCP"= 8790:TCP:BitComet 8790 TCP
"8790:UDP"= 8790:UDP:BitComet 8790 UDP
"8832:TCP"= 8832:TCP:BitComet 8832 TCP
"8832:UDP"= 8832:UDP:BitComet 8832 UDP
"17592:TCP"= 17592:TCP:BitComet 17592 TCP
"17592:UDP"= 17592:UDP:BitComet 17592 UDP
"17265:TCP"= 17265:TCP:BitComet 17265 TCP
"17265:UDP"= 17265:UDP:BitComet 17265 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 4. 2006 19:06 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8. 10. 2012 8:21 121216]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26. 11. 2012 13:34 1329304]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9. 1. 2013 18:32 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9. 1. 2013 18:32 21104]
S2 gupdate1c9b2e5c73b1444;Služba Google Update (gupdate1c9b2e5c73b1444);c:\program files\Google\Update\GoogleUpdate.exe [1. 4. 2009 17:20 133104]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [19. 6. 2012 13:48 38608]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [10. 3. 2012 11:46 131888]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [17. 12. 2009 15:02 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 16:20]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 16:20]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005Core.job
- c:\documents and settings\Buddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-01 19:22]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005UA.job
- c:\documents and settings\Buddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-01 19:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=ie&l=en&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download &Flash Movies - c:\program files\Flash2X\Flash Hunter\save.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 192.168.4.1
FF - ProfilePath - c:\documents and settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-15 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3239930355-4236695605-193725191-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3239930355-4236695605-193725191-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A2B390D-3225-9EED-4DBE-C788CA4607D1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oadohldoccfbbfdnmeefckgoejfhkc"=hex:61,69,66,65,63,66,68,65,65,61,67,69,68,68,
61,70,6b,64,61,63,70,6d,6a,6b,65,63,6f,6b,6a,64,6f,62,67,6a,64,6d,6e,6c,6c,\
"iaomnkkogmfnllcgci"=hex:6a,61,6c,62,66,6c,6b,68,6c,62,68,6b,6b,65,6b,66,65,6d,
65,6e,00,00
"haiopimnkhacadgp"=hex:6b,61,6b,62,61,6c,62,70,6a,61,6a,6d,63,66,65,64,62,6c,
61,70,6e,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(212)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
c:\program files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\Buddy\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
.
**************************************************************************
.
Completion time: 2013-01-15 21:47:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-15 20:47
ComboFix2.txt 2013-01-14 16:51
.
Pre-Run: 21 588 246 528 bytes free
Post-Run: 21 522 935 808 bytes free
.
- - End Of File - - 528D248E7E1E412FAE2B506D3244C2EA

OTL logfile created on: 15. 1. 2013 21:54:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Buddy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1022,07 Mb Total Physical Memory | 414,48 Mb Available Physical Memory | 40,55% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,30 Gb Total Space | 20,08 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 3,32 Gb Free Space | 2,23% Space Free | Partition Type: NTFS

Computer Name: BUDDYANDSWEETY | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Buddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Buddy\Local Settings\temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Buddy\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\spd__l.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\emfxp.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\WINDOWS\system32\dsnpstd2.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (dlcf_device) -- C:\WINDOWS\system32\dlcfcoms.exe File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (Samsung UPD Service) -- C:\WINDOWS\system32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\DOCUME~1\Buddy\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (ithsgt) -- system32\DRIVERS\ithsgt.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aih10366) -- File not found
DRV - (agsac5hj) -- File not found
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (s716unic) -- C:\WINDOWS\system32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\WINDOWS\system32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) -- C:\WINDOWS\system32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\WINDOWS\system32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) -- C:\WINDOWS\system32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\WINDOWS\system32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) -- C:\WINDOWS\system32\drivers\s716bus.sys (MCCI Corporation)
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (snpstd2) -- C:\WINDOWS\system32\drivers\snpstd2.sys ()
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (tandpl) -- C:\WINDOWS\system32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\WINDOWS\system32\drivers\enodpl.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {04230BFC-9E0A-43C0-95F8-1086CE52830B}
IE - HKCU\..\SearchScopes\{04230BFC-9E0A-43C0-95F8-1086CE52830B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E52BE12D-A44A-4f51-9DC1-34F37A488CC7}: "URL" = http://search.videodownload-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.sk"
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2007.11.28 22:06:44 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 15:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.15 19:15:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.01.13 22:41:08 | 000,000,000 | ---D | M]

[2009.03.31 20:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Extensions
[2013.01.13 10:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions
[2013.01.10 19:33:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.10 19:08:59 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.04.25 16:52:01 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.01.11 21:30:46 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\firebug@software.joehewitt.com.xpi
[2008.06.30 17:46:45 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\searchplugins\wikipedia-en.xml
[2013.01.11 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.02.21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2007.05.02 17:36:38 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2013.01.05 18:19:10 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2013.01.05 18:19:10 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2013.01.05 18:19:10 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2013.01.05 18:19:10 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2013.01.05 18:19:10 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2013.01.05 18:19:10 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: H\u013Eada\u0165 v Google = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.01.15 21:40:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/a/d/e/ade837f3-8e2d-4eca-9e4f-f0fcc750ab87/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357915608937 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 192.168.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9754F8F-6338-4398-B7C8-DA0214490F45}: DhcpNameServer = 195.34.133.21 192.168.4.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.08.16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.15 21:50:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buddy\Desktop\OTL.exe
[2013.01.14 17:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.14 17:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.14 17:28:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.14 17:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.14 17:27:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.14 17:23:19 | 005,022,074 | R--- | C] (Swearware) -- C:\Documents and Settings\Buddy\Desktop\ComboFix.exe
[2013.01.13 22:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.13 22:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2013.01.13 22:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013.01.13 17:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\AVG
[2013.01.13 17:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013.01.13 17:00:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013.01.13 12:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\TuneUp Software
[2013.01.13 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Local Settings\Application Data\MFAData
[2013.01.13 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013.01.11 21:13:06 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.01.11 21:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013.01.11 21:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.01.11 19:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\Windows Search
[2013.01.11 16:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013.01.11 16:00:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013.01.11 15:59:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013.01.11 15:58:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013.01.11 15:58:59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013.01.11 13:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\ElevatedDiagnostics
[2013.01.11 13:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013.01.11 13:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013.01.11 00:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Local Settings\Application Data\PCHealth
[2013.01.10 21:39:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013.01.10 20:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Local Settings\Application Data\Sun
[2013.01.10 19:30:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Buddy\Recent
[2013.01.10 19:27:42 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.10 19:27:42 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.01.10 19:27:42 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.10 19:27:42 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.10 19:27:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.10 19:27:18 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.10 19:27:18 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.09 22:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.01.09 22:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Start Menu\Programs\Revo Uninstaller
[2013.01.09 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.09 18:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 18:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.09 18:32:47 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.09 18:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.15 21:50:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buddy\Desktop\OTL.exe
[2013.01.15 21:40:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.15 21:40:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.15 21:40:09 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 21:39:02 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013.01.15 21:39:02 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013.01.15 21:27:03 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 21:27:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005UA.job
[2013.01.15 20:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.15 19:15:30 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013.01.14 21:50:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.14 18:06:42 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\adwcleaner.exe
[2013.01.14 18:03:44 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\SecurityCheck.exe
[2013.01.14 17:23:57 | 005,022,074 | R--- | M] (Swearware) -- C:\Documents and Settings\Buddy\Desktop\ComboFix.exe
[2013.01.13 20:53:30 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005Core.job
[2013.01.13 19:36:43 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2013.01.13 14:34:19 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.01.13 14:34:18 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\Google Chrome.lnk
[2013.01.13 11:19:24 | 000,001,322 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013.01.13 10:21:54 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\HiJackThis.lnk
[2013.01.11 21:38:40 | 000,442,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.11 21:38:40 | 000,072,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.11 21:11:30 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\Pieskovisko Webový prehliadač.lnk
[2013.01.11 21:11:30 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pieskovisko Webový prehliadač.lnk
[2013.01.11 15:23:36 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.01.11 15:23:36 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.01.10 23:31:04 | 000,624,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.10 19:26:34 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.10 19:26:23 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.10 19:26:23 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.10 19:26:22 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.10 19:26:22 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.10 19:26:21 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.10 19:26:20 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.01.09 22:10:25 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\Revo Uninstaller.lnk
[2013.01.09 20:57:19 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.09 18:32:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.15 19:15:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.15 19:15:30 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013.01.14 18:06:41 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\adwcleaner.exe
[2013.01.14 18:03:42 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\SecurityCheck.exe
[2013.01.14 17:28:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.14 17:28:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.14 17:28:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.14 17:28:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.14 17:28:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.13 19:36:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2013.01.11 21:12:14 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\Pieskovisko Webový prehliadač.lnk
[2013.01.11 21:12:14 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pieskovisko Webový prehliadač.lnk
[2013.01.11 21:12:11 | 000,001,322 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2013.01.11 15:58:12 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013.01.11 15:23:36 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.09 22:10:25 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\Revo Uninstaller.lnk
[2013.01.09 18:32:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.14 21:07:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.14 20:17:49 | 000,297,153 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\census.cache
[2012.12.14 20:17:35 | 000,237,681 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\ars.cache
[2012.12.14 17:33:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\housecall.guid.cache
[2012.03.10 11:46:32 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2012.03.10 11:46:31 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2012.03.10 11:46:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2012.03.10 11:46:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2012.02.21 19:05:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.18 21:58:38 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\WebpageIcons.db
[2011.12.18 18:41:28 | 000,035,202 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.12.18 16:32:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\{4515464B-162D-40A5-8A08-43A382DEB73F}
[2011.11.27 20:18:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.11.27 20:18:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.11.27 20:18:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.11.27 20:18:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.10.28 18:42:53 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011.07.27 19:54:39 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.01.13 22:04:18 | 000,007,968 | ---- | C] () -- C:\Documents and Settings\Buddy\.recently-used.xbel
[2010.03.06 18:33:59 | 000,003,598 | ---- | C] () -- C:\Documents and Settings\Buddy\.ganttproject
[2006.11.14 22:42:17 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Buddy\default.pls
[2006.05.19 19:47:02 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006.05.15 20:40:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Buddy\.gtk-bookmarks
[2006.03.04 13:55:08 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Buddy\Application Data\dvd.bmk
[2006.03.02 23:54:57 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.02 22:03:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005.08.16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.13 17:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2008.02.28 18:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2011.12.18 18:12:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009.11.06 23:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.06.19 13:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2013.01.13 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.03.06 12:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KaDonk
[2013.01.13 21:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.10.09 19:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008.07.15 20:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009.01.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010.02.02 21:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2013.01.13 17:00:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2006.05.27 00:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\.BitTornado
[2008.10.28 18:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Acoustica
[2013.01.13 17:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\AVG
[2008.11.02 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\BitTorrent
[2012.06.15 21:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\DAEMON Tools Lite
[2008.01.31 22:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\DAEMON Tools Pro
[2013.01.11 13:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\ElevatedDiagnostics
[2011.12.15 21:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\ESET
[2012.06.15 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\FileZilla
[2009.06.19 18:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\GetGo Software
[2011.01.13 22:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\gtk-2.0
[2006.08.12 15:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\gtopala
[2010.03.06 12:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\KaDonk
[2006.07.09 10:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\last.fm
[2006.03.02 22:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Leadertech
[2009.06.19 18:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Moyea
[2010.03.06 12:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\OpenProj
[2006.08.16 20:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Opera
[2009.06.19 18:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Orbit
[2008.05.18 15:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\PPMate
[2009.06.06 14:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\ppStream
[2006.03.05 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\RadLight LLC
[2007.12.15 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Registry Cleaner
[2008.04.08 21:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\SmartDraw
[2008.04.29 19:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Software602
[2010.09.04 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Taito Legends
[2010.09.04 20:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Taito Legends 2
[2008.07.15 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Teleca
[2006.03.02 23:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Template
[2010.04.11 20:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\TigerPlayer
[2012.12.14 21:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\TrojanHunter
[2013.01.13 12:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\TuneUp Software
[2006.08.16 19:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\uTorrent
[2013.01.11 19:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Windows Search
[2011.12.18 22:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\xgccxd1zi3yfaxocr33dtmioku1uzoa12
[2011.12.15 16:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\xtryoxast2qqxyoefbehieglwftxhzeh2

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011.12.18 18:07:23 | 000,219,292 | ---- | M] () -- C:\aaw7boot.log
[2009.11.27 15:29:58 | 000,000,000 | ---- | M] () -- C:\acc_speed.txt
[2013.01.14 18:07:06 | 000,001,066 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013.01.09 16:07:43 | 000,004,235 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2005.08.16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006.08.13 13:26:14 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012.06.19 15:28:32 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2009.03.29 21:33:38 | 000,000,000 | ---- | M] () -- C:\checkfw.log
[2004.08.03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013.01.15 21:47:55 | 000,016,160 | ---- | M] () -- C:\ComboFix.txt
[2005.08.16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006.02.27 21:45:02 | 000,005,522 | RH-- | M] () -- C:\dell.sdr
[2012.12.14 21:03:41 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012.06.19 15:04:56 | 000,466,508 | ---- | M] () -- C:\dlcf.log
[2007.01.31 22:47:40 | 000,019,792 | ---- | M] () -- C:\GF_Excpt.txt
[2010.12.20 15:49:34 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
[2006.03.11 17:38:31 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005.08.16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005.08.16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004.08.10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.09.23 18:36:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013.01.15 20:32:15 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2013.01.14 17:22:09 | 000,396,288 | ---- | M] () -- C:\smlook.txt
[2006.10.19 22:03:56 | 000,028,927 | -H-- | M] () -- C:\treeinfo.wc

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005.08.16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.08.16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.08.16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< End of report >



OTL Extras logfile created on: 15. 1. 2013 21:54:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Buddy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1022,07 Mb Total Physical Memory | 414,48 Mb Available Physical Memory | 40,55% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,30 Gb Total Space | 20,08 Gb Free Space | 13,92% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 3,32 Gb Free Space | 2,23% Space Free | Partition Type: NTFS

Computer Name: BUDDYANDSWEETY | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"12540:TCP" = 12540:TCP:*:Enabled:torrrent
"11801:TCP" = 11801:TCP:*:Enabled:BitComet 11801 TCP
"11801:UDP" = 11801:UDP:*:Enabled:BitComet 11801 UDP
"16820:TCP" = 16820:TCP:*:Enabled:BitComet 16820 TCP
"16820:UDP" = 16820:UDP:*:Enabled:BitComet 16820 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"8829:TCP" = 8829:TCP:*:Enabled:BitComet 8829 TCP
"8829:UDP" = 8829:UDP:*:Enabled:BitComet 8829 UDP
"24274:TCP" = 24274:TCP:*:Enabled:BitComet 24274 TCP
"24274:UDP" = 24274:UDP:*:Enabled:BitComet 24274 UDP
"8574:TCP" = 8574:TCP:*:Enabled:BitComet 8574 TCP
"8574:UDP" = 8574:UDP:*:Enabled:BitComet 8574 UDP
"8790:TCP" = 8790:TCP:*:Enabled:BitComet 8790 TCP
"8790:UDP" = 8790:UDP:*:Enabled:BitComet 8790 UDP
"8832:TCP" = 8832:TCP:*:Enabled:BitComet 8832 TCP
"8832:UDP" = 8832:UDP:*:Enabled:BitComet 8832 UDP
"17592:TCP" = 17592:TCP:*:Enabled:BitComet 17592 TCP
"17592:UDP" = 17592:UDP:*:Enabled:BitComet 17592 UDP
"17265:TCP" = 17265:TCP:*:Enabled:BitComet 17265 TCP
"17265:UDP" = 17265:UDP:*:Enabled:BitComet 17265 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76C830AF-67D9-4608-9D7D-6F263657EB05}" = Print2PDF
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F5E7D9E-49C4-4BEF-BEC1-040E54D65F54}" = ESET Smart Security
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI - Czech
"{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DED32793-CB1D-4B1E-8788-90E3E1D8BC61}" = Diskeeper 2011
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"AC3ACM" = AC-3 ACM Codec
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"EAX Unified" = EAX Unified
"Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.4.61129" = Elecard MPEG-2 Decoder&Streaming Plug-in for WMP
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"FileZilla Client" = FileZilla Client 3.3.5.1
"GanttProject" = GanttProject
"GOM Player" = GOM Player
"Hamachi" = Hamachi 1.0.1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.7 (remove only)
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.8 BETA
"Last.fm Player_is1" = Last.fm Player 1.1.4
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Mafia Game" = Mafia Game
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0 (x86 sk)" = Mozilla Firefox 18.0 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MV2Player" = MV2Player (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"PSPad editor_is1" = PSPad editor
"Revo Uninstaller" = Revo Uninstaller 1.94
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Sandboxie" = Sandboxie 3.76 (32-bit)
"Shutdown Xpert" = Shutdown Xpert
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"Totalcmd" = Total Commander (Remove or Repair)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13. 1. 2013 6:30:51 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 6:31:17 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 6:31:29 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 6:32:58 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 6:33:18 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 6:38:47 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 6:42:26 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001D032): Inštalácia zlyhala.

Error - 13. 1. 2013 7:16:08 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Error
27055. CA_Error27055: SetupActionManager_init(0xE001003D): Inštalácia zlyhala.

Error - 13. 1. 2013 7:19:00 | Computer Name = BUDDYANDSWEETY | Source = MsiInstaller | ID = 11704
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 -- Chyba
1704. SA_Error1704: StandardAction(0xC00706A8): Inštalácia produktu AVG 2013 je
momentálne pozastavená. Pred pokračovaním musíte zrušiť zmeny urobené pred touto
inštaláciou. Chcete zrušiť tieto zmeny?

Error - 14. 1. 2013 12:27:25 | Computer Name = BUDDYANDSWEETY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.

[ System Events ]
Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 9. 1. 2013 13:12:32 | Computer Name = BUDDYANDSWEETY | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.


< End of report >

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:22 PM

Posted 16 January 2013 - 10:40 AM

Do you still have SpySweeper installed on this computer?

O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
SpySweeper v 4.5 by Webroot

DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))


If not, please add the following lines in blue after the last line in the quoted box below.
These lines should go just after: O34 - HKLM BootExecute: (autocheck stera)


DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found



Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (WDICA) -- File not found
    DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (mbr) -- C:\DOCUME~1\Buddy\LOCALS~1\Temp\mbr.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (ithsgt) -- system32\DRIVERS\ithsgt.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (aih10366) -- File not found
    DRV - (agsac5hj) -- File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
    O34 - HKLM BootExecute: (autocheck stera)

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

====

If there is still no improvement or some issues are still occurring, please run these tools.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
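The TDSSKiller log requested above lists every registered service and driver with the MD5 and path of its image file, followed by a verdict line for that name. The Python helper below is an added example (my code, not nasdaq's, not BleepingComputer's, and not part of TDSSKiller or OTL) that parses that section and flags what a responder reads such a log for: entries registered with no image file on disk (the same kind of orphaned entry the OTL fix above removes with its "DRV - (name) -- File not found" lines), images loading from user-writable folders such as Temp, any verdict other than "ok", and an image line with no verdict after it, which is how an interrupted scan or a truncated paste looks. The section-banner format is assumed from the log posted later in this thread. The sample log is constructed: its lines are modeled on that posted log, and the "mbr" entry with the DEADBEEF hash is invented to exercise the Temp-folder check (the real entry of that name in the OTL list has no file on disk at all).

```python
"""Triage helper for the "Scan services" section of a TDSSKiller log.

Added example: not part of this thread and not code from TDSSKiller.
It only reads the log text; it changes nothing on the machine.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line starts with "HH:MM:SS.mmmm TTTT " (time of day and a
# four-hex-digit thread id); the body after that is what gets classified.
_PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+[0-9A-Fa-f]{4}\s+(?P<body>.*)$")
# "[ MD5 ] ServiceName C:\path\to\image": the name may contain spaces, so the
# path is anchored on the drive letter and backslash that always start it.
_IMAGE_RE = re.compile(
    r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "ServiceName - ok" (or whatever verdict word TDSSKiller prints after the dash).
_VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")

# Folders a legitimate driver or service image is not expected to load from.
_SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_service_scan(log_text: str) -> List[ServiceRecord]:
    """One record per service, in log order; an image line and the verdict
    line that follows it for the same name are merged into one record."""
    records: Dict[str, ServiceRecord] = {}
    order: List[str] = []
    in_services = False
    for raw in log_text.splitlines():
        m = _PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if body.startswith("====="):
            # Section banner: the one naming "Scan services" opens the section,
            # any later banner closes it (format assumed from the posted log).
            in_services = "Scan services" in body
            continue
        if not in_services:
            continue
        im = _IMAGE_RE.match(body)
        vm = None if im else _VERDICT_RE.match(body)
        if not (im or vm):
            continue
        name = (im or vm).group("name")
        if name not in records:
            records[name] = ServiceRecord(name)
            order.append(name)
        rec = records[name]
        if im:
            rec.md5 = im.group("md5").upper()
            rec.path = im.group("path")
        else:
            rec.verdict = vm.group("verdict")
    return [records[n] for n in order]


def triage(records: List[ServiceRecord]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs a responder should look at first."""
    findings: List[Tuple[str, str]] = []
    for r in records:
        if r.verdict is None:
            # Image line never followed by a verdict: the scan was interrupted
            # or the pasted log is cut off at this entry.
            findings.append((r.name, "no verdict recorded: scan interrupted or log truncated"))
        elif r.verdict.lower() != "ok":
            findings.append((r.name, f"TDSSKiller verdict: {r.verdict}"))
        if r.path is None and r.verdict is not None:
            # Registered service/driver with no image file to hash: an orphaned
            # entry, the same kind OTL lists as "DRV - (name) -- File not found".
            findings.append((r.name, "registered with no image on disk (orphaned entry)"))
        elif r.path and any(d in r.path.lower() for d in _SUSPICIOUS_DIRS):
            findings.append((r.name, f"image loads from a user-writable folder: {r.path}"))
    return findings


# Constructed excerpt modeled on the log posted later in this thread. The "mbr"
# entry with the DEADBEEF hash is invented to exercise the Temp-folder check;
# the real OTL entry of that name in the thread has no file on disk at all.
SAMPLE_LOG = r"""
20:22:43.0640 1580 System memory - ok
20:22:43.0640 1580 ================ Scan services =============================
20:22:43.0984 1580 Abiosdsk - ok
20:22:44.0015 1580 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:22:44.0031 1580 abp480n5 - ok
20:22:45.0843 1580 [ ECA673779ECD27D674953D692FE070F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:22:45.0843 1580 Ati HotKey Poller - ok
20:22:49.0734 1580 COMSysApp - ok
20:23:01.0000 1580 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] mbr C:\DOCUME~1\Buddy\LOCALS~1\Temp\mbr.sys
20:23:01.0001 1580 mbr - ok
20:23:09.0625 1580 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
"""

if __name__ == "__main__":
    for name, reason in triage(parse_service_scan(SAMPLE_LOG)):
        print(f"{name:20s} {reason}")
```

An "orphaned entry" finding is not by itself a sign of infection (the log's Abiosdsk, COMSysApp and MSIServer entries are stock Windows XP leftovers), but it is exactly the class of entry the OTL fix is cleaning up, and a name in that list that you do not recognise is worth comparing against the OTL "File not found" lines. The Temp-folder check is a heuristic, not a verdict: hashes of the flagged image should still be checked against a known-good source before anything is removed.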

#9 Alfik

Alfik
  • Topic Starter

  • Members
  • 25 posts

Posted 17 January 2013 - 03:24 PM

Hello,

Unfortunately, the problems still persist.

I ran the OTL fix as instructed, but it got stuck when processing this line "DRV - (Changer) -- File not found" and OTL was not responding - I had to end the task through Task Manager. So I ran it again, and then it got stuck when processing this line "O34 - HKLM BootExecute: (autocheck stera)" and OTL was not responding - I had to end the task through Task Manager. So I restarted the PC and tried again, with the same result. I cannot provide the OTL log.

Here are the logs of TDSSKiller and aswMBR:

20:21:16.0718 0376 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:21:16.0812 0376 ============================================================
20:21:16.0812 0376 Current date / time: 2013/01/17 20:21:16.0812
20:21:16.0812 0376 SystemInfo:
20:21:16.0812 0376
20:21:16.0812 0376 OS Version: 5.1.2600 ServicePack: 3.0
20:21:16.0812 0376 Product type: Workstation
20:21:16.0812 0376 ComputerName: BUDDYANDSWEETY
20:21:16.0812 0376 UserName: Buddy
20:21:16.0812 0376 Windows directory: C:\WINDOWS
20:21:16.0812 0376 System windows directory: C:\WINDOWS
20:21:16.0812 0376 Processor architecture: Intel x86
20:21:16.0812 0376 Number of processors: 2
20:21:16.0812 0376 Page size: 0x1000
20:21:16.0812 0376 Boot type: Normal boot
20:21:16.0812 0376 ============================================================
20:21:18.0531 0376 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:21:18.0531 0376 Drive \Device\Harddisk1\DR1 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:21:18.0578 0376 ============================================================
20:21:18.0578 0376 \Device\Harddisk0\DR0:
20:21:18.0578 0376 MBR partitions:
20:21:18.0578 0376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x12098F55
20:21:18.0578 0376 \Device\Harddisk1\DR1:
20:21:18.0578 0376 MBR partitions:
20:21:18.0578 0376 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
20:21:18.0578 0376 ============================================================
20:21:18.0625 0376 C: <-> \Device\Harddisk0\DR0\Partition1
20:21:18.0625 0376 D: <-> \Device\Harddisk1\DR1\Partition1
20:21:18.0625 0376 ============================================================
20:21:18.0625 0376 Initialize success
20:21:18.0625 0376 ============================================================
20:22:43.0171 1580 ============================================================
20:22:43.0171 1580 Scan started
20:22:43.0171 1580 Mode: Manual;
20:22:43.0171 1580 ============================================================
20:22:43.0625 1580 ================ Scan system memory ========================
20:22:43.0640 1580 System memory - ok
20:22:43.0640 1580 ================ Scan services =============================
20:22:43.0984 1580 Abiosdsk - ok
20:22:44.0015 1580 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:22:44.0031 1580 abp480n5 - ok
20:22:44.0125 1580 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:22:44.0187 1580 ACPI - ok
20:22:44.0203 1580 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:22:44.0218 1580 ACPIEC - ok
20:22:44.0281 1580 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:22:44.0312 1580 adpu160m - ok
20:22:44.0406 1580 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:22:44.0453 1580 aec - ok
20:22:44.0546 1580 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:22:44.0593 1580 AFD - ok
20:22:44.0625 1580 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
20:22:44.0640 1580 agp440 - ok
20:22:44.0656 1580 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:22:44.0671 1580 agpCPQ - ok
20:22:44.0687 1580 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:22:44.0703 1580 Aha154x - ok
20:22:44.0734 1580 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:22:44.0750 1580 aic78u2 - ok
20:22:44.0781 1580 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:22:44.0796 1580 aic78xx - ok
20:22:44.0859 1580 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:22:44.0859 1580 Alerter - ok
20:22:44.0890 1580 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:22:44.0890 1580 ALG - ok
20:22:44.0906 1580 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
20:22:44.0906 1580 AliIde - ok
20:22:44.0937 1580 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:22:44.0953 1580 alim1541 - ok
20:22:44.0968 1580 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:22:44.0984 1580 amdagp - ok
20:22:45.0000 1580 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
20:22:45.0015 1580 amsint - ok
20:22:45.0109 1580 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:22:45.0171 1580 AppMgmt - ok
20:22:45.0187 1580 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
20:22:45.0203 1580 asc - ok
20:22:45.0218 1580 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:22:45.0218 1580 asc3350p - ok
20:22:45.0234 1580 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:22:45.0250 1580 asc3550 - ok
20:22:45.0406 1580 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:22:45.0500 1580 aspnet_state - ok
20:22:45.0546 1580 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:22:45.0546 1580 AsyncMac - ok
20:22:45.0593 1580 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:22:45.0593 1580 atapi - ok
20:22:45.0609 1580 Atdisk - ok
20:22:45.0843 1580 [ ECA673779ECD27D674953D692FE070F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:22:45.0843 1580 Ati HotKey Poller - ok
20:22:46.0078 1580 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
20:22:46.0078 1580 ATI Smart - ok
20:22:47.0250 1580 [ 15B2FE76E2ECEB98C49ED52311A6F26F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:22:48.0359 1580 ati2mtag - ok
20:22:48.0515 1580 [ 3C4B9850A2631C2263507400D029057B ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
20:22:48.0515 1580 atksgt - ok
20:22:48.0546 1580 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:22:48.0562 1580 Atmarpc - ok
20:22:48.0640 1580 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:22:48.0640 1580 AudioSrv - ok
20:22:48.0671 1580 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:22:48.0671 1580 audstub - ok
20:22:48.0703 1580 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:22:48.0703 1580 Beep - ok
20:22:48.0890 1580 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:22:49.0015 1580 BITS - ok
20:22:49.0078 1580 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:22:49.0093 1580 Browser - ok
20:22:49.0125 1580 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:22:49.0125 1580 cbidf - ok
20:22:49.0140 1580 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:22:49.0140 1580 cbidf2k - ok
20:22:49.0203 1580 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:22:49.0203 1580 CCDECODE - ok
20:22:49.0218 1580 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:22:49.0218 1580 cd20xrnt - ok
20:22:49.0234 1580 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:22:49.0250 1580 Cdaudio - ok
20:22:49.0281 1580 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:22:49.0312 1580 Cdfs - ok
20:22:49.0343 1580 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:22:49.0359 1580 Cdrom - ok
20:22:49.0406 1580 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:22:49.0406 1580 CiSvc - ok
20:22:49.0468 1580 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:22:49.0484 1580 ClipSrv - ok
20:22:49.0546 1580 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:22:49.0687 1580 clr_optimization_v2.0.50727_32 - ok
20:22:49.0718 1580 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:22:49.0718 1580 CmdIde - ok
20:22:49.0734 1580 COMSysApp - ok
20:22:49.0750 1580 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:22:49.0750 1580 Cpqarray - ok
20:22:49.0843 1580 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
20:22:49.0843 1580 Creative Labs Licensing Service - ok
20:22:49.0906 1580 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
20:22:49.0906 1580 Creative Service for CDROM Access - ok
20:22:49.0968 1580 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:22:50.0000 1580 CryptSvc - ok
20:22:50.0093 1580 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:22:50.0093 1580 ctsfm2k - ok
20:22:50.0171 1580 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
20:22:50.0218 1580 CTUSFSYN - ok
20:22:50.0312 1580 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:22:50.0359 1580 dac2w2k - ok
20:22:50.0390 1580 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:22:50.0390 1580 dac960nt - ok
20:22:50.0562 1580 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:22:50.0578 1580 DcomLaunch - ok
20:22:50.0656 1580 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:22:50.0671 1580 Dhcp - ok
20:22:50.0734 1580 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:22:50.0750 1580 Disk - ok
20:22:51.0531 1580 [ 0B080464AA2EA3FCC7747B41988D6B92 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
20:22:51.0546 1580 Diskeeper - ok
20:22:51.0609 1580 [ 23285D9144C76BEE6FEF8E4B8D2FD3C4 ] DKRtWrt C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
20:22:51.0625 1580 DKRtWrt - ok
20:22:51.0625 1580 dlcf_device - ok
20:22:51.0625 1580 dmadmin - ok
20:22:51.0937 1580 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:22:52.0203 1580 dmboot - ok
20:22:52.0265 1580 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:22:52.0312 1580 dmio - ok
20:22:52.0343 1580 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:22:52.0343 1580 dmload - ok
20:22:52.0406 1580 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:22:52.0406 1580 dmserver - ok
20:22:52.0437 1580 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:22:52.0453 1580 DMusic - ok
20:22:52.0515 1580 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:22:52.0531 1580 Dnscache - ok
20:22:52.0625 1580 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:22:52.0656 1580 Dot3svc - ok
20:22:52.0687 1580 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:22:52.0687 1580 dpti2o - ok
20:22:52.0734 1580 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:22:52.0734 1580 drmkaud - ok
20:22:52.0859 1580 [ 6461E57BB51A848AAE26F52427B7CF9E ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
20:22:52.0921 1580 dtscsi - ok
20:22:53.0031 1580 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:22:53.0093 1580 E100B - ok
20:22:53.0171 1580 [ 63A53BB2A85DD22A5E8D6C5CB6273043 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
20:22:53.0218 1580 eamon - ok
20:22:53.0281 1580 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:22:53.0296 1580 EapHost - ok
20:22:53.0343 1580 [ 4F72DD48A2ED63A57C1210228A472020 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
20:22:53.0375 1580 ehdrv - ok
20:22:53.0531 1580 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
20:22:53.0531 1580 ehRecvr - ok
20:22:53.0562 1580 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
20:22:53.0562 1580 ehSched - ok
20:22:54.0203 1580 [ E95AB781773870BD68ABE1AE1B57A8AC ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
20:22:54.0218 1580 ekrn - ok
20:22:54.0265 1580 [ B4556F3D468C8DCB0B259D9D866CD4C4 ] enodpl C:\WINDOWS\system32\drivers\enodpl.sys
20:22:54.0281 1580 enodpl - ok
20:22:54.0343 1580 [ 0C0C50813FC59C145B604B1DCCFFB377 ] epfw C:\WINDOWS\system32\DRIVERS\epfw.sys
20:22:54.0343 1580 epfw - ok
20:22:54.0375 1580 [ C1A8B6E44DCF250DB6BCCA7B460B9B6B ] Epfwndis C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
20:22:54.0390 1580 Epfwndis - ok
20:22:54.0437 1580 [ 7859F3E4AA8B9708D05F0DFBB3080721 ] epfwtdi C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
20:22:54.0453 1580 epfwtdi - ok
20:22:54.0515 1580 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:22:54.0515 1580 ERSvc - ok
20:22:54.0593 1580 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:22:54.0625 1580 Eventlog - ok
20:22:54.0734 1580 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:22:54.0734 1580 EventSystem - ok
20:22:54.0812 1580 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:22:54.0843 1580 Fastfat - ok
20:22:54.0937 1580 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:22:54.0984 1580 FastUserSwitchingCompatibility - ok
20:22:55.0125 1580 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:22:55.0125 1580 Fax - ok
20:22:55.0140 1580 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:22:55.0156 1580 Fdc - ok
20:22:55.0218 1580 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:22:55.0234 1580 Fips - ok
20:22:55.0250 1580 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:22:55.0250 1580 Flpydisk - ok
20:22:55.0343 1580 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:22:55.0390 1580 FltMgr - ok
20:22:55.0515 1580 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:22:55.0531 1580 FontCache3.0.0.0 - ok
20:22:55.0546 1580 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:22:55.0546 1580 Fs_Rec - ok
20:22:55.0625 1580 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:22:55.0656 1580 Ftdisk - ok
20:22:55.0718 1580 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:22:55.0734 1580 Gpc - ok
20:22:55.0921 1580 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b2e5c73b1444 C:\Program Files\Google\Update\GoogleUpdate.exe
20:22:55.0921 1580 gupdate1c9b2e5c73b1444 - ok
20:22:55.0984 1580 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:22:55.0984 1580 gupdatem - ok
20:22:56.0078 1580 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:22:56.0125 1580 gusvc - ok
20:22:56.0171 1580 [ C3A3E439BFAF7342B97B47051DAF2229 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:22:56.0187 1580 hamachi - ok
20:22:56.0250 1580 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:22:56.0296 1580 HDAudBus - ok
20:22:56.0375 1580 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:22:56.0390 1580 helpsvc - ok
20:22:56.0390 1580 HidServ - ok
20:22:56.0406 1580 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:22:56.0406 1580 HidUsb - ok
20:22:56.0468 1580 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:22:56.0500 1580 hkmsvc - ok
20:22:56.0515 1580 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
20:22:56.0515 1580 hpn - ok
20:22:56.0640 1580 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:22:56.0718 1580 HTTP - ok
20:22:56.0781 1580 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:22:56.0781 1580 HTTPFilter - ok
20:22:56.0796 1580 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:22:56.0812 1580 i2omgmt - ok
20:22:56.0828 1580 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:22:56.0843 1580 i2omp - ok
20:22:56.0875 1580 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:22:56.0890 1580 i8042prt - ok
20:22:57.0031 1580 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:22:57.0062 1580 IDriverT - ok
20:22:57.0453 1580 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:22:57.0750 1580 idsvc - ok
20:22:57.0812 1580 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:22:57.0828 1580 Imapi - ok
20:22:57.0921 1580 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:22:57.0968 1580 ImapiService - ok
20:22:58.0046 1580 [ 36B4CA92EC607BBE685AAB6E5009D32C ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
20:22:58.0093 1580 InCDfs - ok
20:22:58.0156 1580 [ 9848DF3A6DC54ECA38B794C902828BA6 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
20:22:58.0156 1580 InCDPass - ok
20:22:58.0171 1580 [ 128DDBE20D295E351A9E9F4D15FB28A2 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
20:22:58.0187 1580 InCDrec - ok
20:22:58.0203 1580 [ 07E2FA63E83FC0E915AE6C09BFF69302 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
20:22:58.0218 1580 incdrm - ok
20:22:58.0468 1580 [ 22578B9E3C5A1DAB0432C06FEB90F483 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
20:22:58.0484 1580 InCDsrv - ok
20:22:58.0500 1580 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:22:58.0515 1580 ini910u - ok
20:22:58.0953 1580 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
20:22:59.0343 1580 IntelC51 - ok
20:22:59.0562 1580 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
20:22:59.0765 1580 IntelC52 - ok
20:22:59.0796 1580 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
20:22:59.0828 1580 IntelC53 - ok
20:22:59.0843 1580 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:22:59.0843 1580 IntelIde - ok
20:22:59.0906 1580 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:22:59.0921 1580 intelppm - ok
20:22:59.0953 1580 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:22:59.0953 1580 Ip6Fw - ok
20:23:00.0000 1580 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:23:00.0000 1580 IpFilterDriver - ok
20:23:00.0015 1580 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:23:00.0015 1580 IpInIp - ok
20:23:00.0109 1580 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:23:00.0156 1580 IpNat - ok
20:23:00.0234 1580 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:23:00.0250 1580 IPSec - ok
20:23:00.0281 1580 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:23:00.0281 1580 IRENUM - ok
20:23:00.0312 1580 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:23:00.0312 1580 isapnp - ok
20:23:00.0609 1580 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:23:00.0609 1580 JavaQuickStarterService - ok
20:23:00.0625 1580 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:23:00.0640 1580 Kbdclass - ok
20:23:00.0687 1580 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:23:00.0687 1580 kbdhid - ok
20:23:00.0765 1580 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:23:00.0781 1580 kmixer - ok
20:23:00.0843 1580 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:23:00.0875 1580 KSecDD - ok
20:23:00.0953 1580 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:23:00.0984 1580 lanmanserver - ok
20:23:01.0093 1580 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:23:01.0140 1580 lanmanworkstation - ok
20:23:01.0187 1580 [ 16767EA492B5D140E1DE3679A65EAE74 ] lilsgt C:\WINDOWS\system32\DRIVERS\lilsgt.sys
20:23:01.0203 1580 lilsgt - ok
20:23:01.0281 1580 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
20:23:01.0281 1580 lirsgt - ok
20:23:01.0296 1580 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:23:01.0296 1580 LmHosts - ok
20:23:01.0359 1580 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:23:01.0359 1580 MBAMProtector - ok
20:23:01.0593 1580 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:23:01.0593 1580 MBAMScheduler - ok
20:23:01.0843 1580 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:23:01.0843 1580 MBAMService - ok
20:23:01.0906 1580 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
20:23:01.0906 1580 McrdSvc - ok
20:23:02.0156 1580 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:23:02.0156 1580 MDM - ok
20:23:02.0234 1580 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:23:02.0250 1580 Messenger - ok
20:23:02.0296 1580 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
20:23:02.0328 1580 MHN - ok
20:23:02.0343 1580 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:23:02.0343 1580 MHNDRV - ok
20:23:02.0359 1580 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:23:02.0359 1580 mnmdd - ok
20:23:02.0421 1580 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:23:02.0437 1580 mnmsrvc - ok
20:23:02.0500 1580 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:23:02.0500 1580 Modem - ok
20:23:02.0515 1580 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:23:02.0531 1580 MODEMCSA - ok
20:23:02.0546 1580 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
20:23:02.0562 1580 mohfilt - ok
20:23:03.0093 1580 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
20:23:03.0562 1580 monfilt - ok
20:23:03.0593 1580 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:23:03.0593 1580 Mouclass - ok
20:23:03.0609 1580 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:23:03.0625 1580 mouhid - ok
20:23:03.0640 1580 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:23:03.0656 1580 MountMgr - ok
20:23:03.0734 1580 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:23:03.0765 1580 MozillaMaintenance - ok
20:23:03.0781 1580 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:23:03.0796 1580 mraid35x - ok
20:23:03.0859 1580 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:23:03.0921 1580 MRxDAV - ok
20:23:04.0109 1580 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:23:04.0265 1580 MRxSmb - ok
20:23:04.0312 1580 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:23:04.0328 1580 MSDTC - ok
20:23:04.0343 1580 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:23:04.0343 1580 Msfs - ok
20:23:04.0359 1580 MSIServer - ok
20:23:04.0406 1580 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:23:04.0421 1580 MSKSSRV - ok
20:23:04.0437 1580 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:23:04.0437 1580 MSPCLOCK - ok
20:23:04.0453 1580 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:23:04.0453 1580 MSPQM - ok
20:23:04.0515 1580 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:23:04.0515 1580 mssmbios - ok
20:23:04.0546 1580 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:23:04.0546 1580 MSTEE - ok
20:23:04.0625 1580 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:23:04.0656 1580 Mup - ok
20:23:04.0734 1580 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:23:04.0765 1580 NABTSFEC - ok
20:23:04.0906 1580 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:23:04.0984 1580 napagent - ok
20:23:05.0109 1580 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:23:05.0187 1580 NDIS - ok
20:23:05.0218 1580 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:23:05.0234 1580 NdisIP - ok
20:23:05.0281 1580 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:05.0281 1580 NdisTapi - ok
20:23:05.0343 1580 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:05.0343 1580 Ndisuio - ok
20:23:05.0421 1580 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:05.0437 1580 NdisWan - ok
20:23:05.0500 1580 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:05.0515 1580 NDProxy - ok
20:23:05.0546 1580 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:05.0562 1580 NetBIOS - ok
20:23:05.0625 1580 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:05.0671 1580 NetBT - ok
20:23:05.0734 1580 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:23:05.0765 1580 NetDDE - ok
20:23:05.0796 1580 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:23:05.0812 1580 NetDDEdsdm - ok
20:23:05.0859 1580 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:23:05.0859 1580 Netlogon - ok
20:23:05.0968 1580 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:23:05.0968 1580 Netman - ok
20:23:06.0093 1580 [ 9DA26B773BD04B867A8E9F427CD048FC ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
20:23:06.0156 1580 NetSvc - ok
20:23:06.0250 1580 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:23:06.0296 1580 NetTcpPortSharing - ok
20:23:06.0390 1580 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:23:06.0390 1580 Nla - ok
20:23:28.0859 1580 ================ Scan global ===============================
20:23:29.0000 1580 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:23:29.0625 1580 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:23:30.0000 1580 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:23:30.0078 1580 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:23:30.0109 1580 [Global] - ok
20:23:30.0109 1580 ================ Scan MBR ==================================
20:23:30.0125 1580 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
20:23:36.0781 1580 \Device\Harddisk0\DR0 - ok
20:23:36.0781 1580 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:23:36.0781 1580 \Device\Harddisk1\DR1 - ok
20:23:36.0796 1580 ================ Scan VBR ==================================
20:23:36.0796 1580 [ B946273116C2F5EDB0852AB7DE66C375 ] \Device\Harddisk0\DR0\Partition1
20:23:36.0812 1580 \Device\Harddisk0\DR0\Partition1 - ok
20:23:36.0812 1580 [ 57001AA34A01B15D4A56DC513B9EAC77 ] \Device\Harddisk1\DR1\Partition1
20:23:36.0812 1580 \Device\Harddisk1\DR1\Partition1 - ok
20:23:36.0812 1580 ============================================================
20:23:36.0812 1580 Scan finished
20:23:36.0812 1580 ============================================================
20:23:36.0843 2652 Detected object count: 1
20:23:36.0843 2652 Actual detected object count: 1
20:23:43.0703 2652 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:23:43.0703 2652 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:26:46.0140 2148 Deinitialize success




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-17 20:33:05
-----------------------------
20:33:05.031 OS Version: Windows 5.1.2600 Service Pack 3
20:33:05.031 Number of processors: 2 586 0x403
20:33:05.031 ComputerName: BUDDYANDSWEETY UserName: Buddy
20:33:08.843 Initialize success
20:34:57.453 AVAST engine defs: 13011700
20:35:48.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f
20:35:48.796 Disk 0 Vendor: WDC_WD1600JS-75NCB1 10.02E01 Size: 152587MB BusType: 3
20:35:48.796 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-17
20:35:48.796 Disk 1 Vendor: WDC_WD1600JS-75NCB1 10.02E01 Size: 152587MB BusType: 3
20:35:48.812 Disk 0 MBR read successfully
20:35:48.812 Disk 0 MBR scan
20:35:48.890 Disk 0 unknown MBR code
20:35:48.890 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
20:35:48.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147761 MB offset 128520
20:35:48.953 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
20:35:48.953 Disk 0 scanning sectors +312496380
20:35:49.031 Disk 0 scanning C:\WINDOWS\system32\drivers
20:36:26.671 Service scanning
20:37:05.671 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:37:13.484 Modules scanning
20:37:36.718 Disk 0 trace - called modules:
20:37:36.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll atapi.sys spuv.sys >>UNKNOWN [0x87385938]<<
20:37:36.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87343ab8]
20:37:36.734 3 CLASSPNP.SYS[f7522fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-f[0x8734db00]
20:37:36.734 \Driver\atapi[0x8733c808] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf74f38b4]
20:37:39.781 AVAST engine scan C:\WINDOWS
20:37:55.578 AVAST engine scan C:\WINDOWS\system32
20:48:08.093 AVAST engine scan C:\WINDOWS\system32\drivers
20:48:56.218 AVAST engine scan C:\Documents and Settings\Buddy
20:57:16.250 AVAST engine scan C:\Documents and Settings\All Users
21:13:59.156 Scan finished successfully
21:14:39.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Buddy\Desktop\MBR.dat"
21:14:40.062 The log file has been saved successfully to "C:\Documents and Settings\Buddy\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   579bytes   1 downloads


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 January 2013 - 01:11 PM

Some sort of Rootkit infection is present.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

#11 Alfik

Alfik
  • Topic Starter

  • Members
  • 25 posts

Posted 18 January 2013 - 04:59 PM

Hello,

I actually noticed that the blue screen with "stera program" is not popping up anymore, but Windows is still starting kind of weird (it takes long, and at the very beginning of PC startup the LCD monitor is blinking in different colors and its Auto Adjusting function is trying to get the correct settings).

Anyway, here is the log of RK:
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Buddy [Admin rights]
Mode : Scan -- Date : 01/18/2013 22:48:02

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] clclean.0001 -- C:\Documents and Settings\Buddy\Local Settings\temp\clclean.0001 -> KILLED [TermProc]

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xF7B43CA0)
_INLINE_ : NtRequestWaitReplyPort -> HOOKED (Unknown @ 0xF7B43D40)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xF7B43C00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JS-75NCB1 +++++
--- User ---
[MBR] c97bfe637bfe37ebbb1e3212e5ac2fb5
[BSP] 3efdd157322bc54deb4f0f8435ac64f6 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 147761 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302760990 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600JS-75NCB1 +++++
--- User ---
[MBR] 0e19a94679c8a1cb0634baba3b7656b0
[BSP] abfc3abf055fbccce55e8b4123c286f6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152586 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01182013_02d2248.txt >>

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 January 2013 - 09:19 AM

PC startup there is LCD monitor blinking if different colors and its function of Auto Adjusting is trying to get correct settings.


Google this string LCD monitor blinking if different colors
It looks like a monitor, graphics card or cable problem.

Can you please look at the properties of this file and let me know who the manufacturer is.

C:\Windows\System32\Drivers\spuv.sys

Any other information may help identify the need for this file.

#13 Alfik

Alfik
  • Topic Starter

  • Members
  • 25 posts

Posted 22 January 2013 - 04:13 PM

Hello,

Actually, I cannot find that file (spuv.sys) in the mentioned folder. I also ran the "search" tool and nothing was found. It looks like the file is not on the PC at all.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 January 2013 - 09:07 AM

The file may be hidden.


Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
*/*

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    spuv.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
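One way to do the file check asked for above on a modern Windows host, as an added PowerShell example that is not a tool from this thread: it searches the driver folders including hidden and system files (the ones Explorer hides until the Folder Options change), reports the file's company name and Authenticode signature, and also checks whether a driver service still references the name even when the file itself cannot be found. The file name spuv.sys is taken from the thread; the function names and search roots are my assumptions.

```powershell
# Added example (not from the thread): locate a driver file by name, including
# hidden/system files that Explorer hides, and report who built and signed it.
# Assumptions: PowerShell 2.0 or later; $Name is a file name such as spuv.sys.
function Find-DriverFile {
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [string[]]$SearchRoots = @("$env:SystemRoot\System32\drivers",
                                   "$env:SystemRoot\System32")
    )
    foreach ($root in $SearchRoots) {
        # -Force makes Get-ChildItem return hidden and system files as well
        Get-ChildItem -Path $root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                New-Object PSObject -Property @{
                    Path        = $_.FullName
                    Attributes  = $_.Attributes.ToString()    # e.g. "Hidden, System, Archive"
                    Company     = $_.VersionInfo.CompanyName  # what the Properties dialog shows
                    Description = $_.VersionInfo.FileDescription
                    Signature   = $sig.Status.ToString()      # Valid / NotSigned / HashMismatch ...
                    Signer      = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
                }
            }
    }
}

# A driver can be registered as a service even when the file is missing or
# unreadable, so also look the name up (without extension) in the service registry.
function Find-DriverService {
    param([Parameter(Mandatory=$true)][string]$Name)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            $image = [string]$props.ImagePath
            if ($_.PSChildName -eq $base -or $image -like "*$Name*") {
                New-Object PSObject -Property @{
                    Service   = $_.PSChildName
                    ImagePath = $image
                    Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                    Type      = $props.Type    # 1 kernel driver, 2 file system driver, 0x10/0x20 Win32 service
                }
            }
        }
}

# Usage with the file name from the thread:
Find-DriverFile -Name 'spuv.sys' | Format-List
Find-DriverService -Name 'spuv.sys' | Format-List
```

A file that only shows up in Find-DriverService, or that is present but has no company name and no valid signature, is the case worth reporting back to the helper.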

#15 Alfik

Alfik
  • Topic Starter

  • Members
  • 25 posts

Posted 24 January 2013 - 02:57 PM

Hello,

I actually ran OTL again, but this time I did not put the "stera" row in (OTL got stuck on that one), and OTL finished the fix completely; I paste the log of the following scan below. I also ran the search tool you suggested (log below) and changed the "folder options", but spuv.sys has not been found.


SystemLook 30.07.11 by jpshortstuff
Log created at 20:01 on 24/01/2013 by Buddy
Administrator - Elevation successful

========== filefind ==========

Searching for "spuv.sys"
No files found.

-= EOF =-



OTL logfile created on: 24. 1. 2013 20:18:29 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Buddy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1022,07 Mb Total Physical Memory | 83,01 Mb Available Physical Memory | 8,12% Memory free
2,40 Gb Paging File | 1,63 Gb Available in Paging File | 67,95% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,30 Gb Total Space | 19,61 Gb Free Space | 13,59% Space Free | Partition Type: NTFS
Drive D: | 149,01 Gb Total Space | 3,32 Gb Free Space | 2,23% Space Free | Partition Type: NTFS

Computer Name: BUDDYANDSWEETY | User Name: Buddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Buddy\Local Settings\temp\clclean.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Buddy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Buddy\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\system32\spd__l.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\emfxp.dll ()
MOD - C:\WINDOWS\system32\CTMBHA.DLL ()
MOD - C:\WINDOWS\system32\dsnpstd2.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (dlcf_device) -- C:\WINDOWS\system32\dlcfcoms.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (Samsung UPD Service) -- C:\WINDOWS\system32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (as2ck8ko) -- File not found
DRV - (aaz9a366) -- File not found
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (s716unic) -- C:\WINDOWS\system32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\WINDOWS\system32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) -- C:\WINDOWS\system32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\WINDOWS\system32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) -- C:\WINDOWS\system32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\WINDOWS\system32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) -- C:\WINDOWS\system32\drivers\s716bus.sys (MCCI Corporation)
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (sfvfs02) -- C:\WINDOWS\system32\drivers\sfvfs02.sys (Protection Technology)
DRV - (InCDrec) -- C:\WINDOWS\System32\drivers\InCDrec.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sigfilt) -- C:\WINDOWS\system32\drivers\sigfilt.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (snpstd2) -- C:\WINDOWS\system32\drivers\snpstd2.sys ()
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (tandpl) -- C:\WINDOWS\system32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\WINDOWS\system32\drivers\enodpl.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {04230BFC-9E0A-43C0-95F8-1086CE52830B}
IE - HKCU\..\SearchScopes\{04230BFC-9E0A-43C0-95F8-1086CE52830B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E52BE12D-A44A-4f51-9DC1-34F37A488CC7}: "URL" = http://search.videodownload-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.sk"
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2007.11.28 22:06:44 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.18 23:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.18 23:02:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.01.13 22:41:08 | 000,000,000 | ---D | M]

[2009.03.31 20:31:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Extensions
[2013.01.13 10:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions
[2013.01.10 19:33:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.10 19:08:59 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.04.25 16:52:01 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.01.11 21:30:46 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\extensions\firebug@software.joehewitt.com.xpi
[2008.06.30 17:46:45 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\qnpimw5m.default\searchplugins\wikipedia-en.xml
[2013.01.18 23:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.01.18 23:03:12 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.02.21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2007.05.02 17:36:38 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2013.01.05 18:19:10 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2013.01.05 18:19:10 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2013.01.05 18:19:10 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2013.01.05 18:19:10 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2013.01.05 18:19:10 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2013.01.05 18:19:10 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: H\u013Eada\u0165 v Google = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Buddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.01.15 21:40:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm File not found
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll (Software602 a.s.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/a/d/e/ade837f3-8e2d-4eca-9e4f-f0fcc750ab87/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357915608937 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 192.168.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9754F8F-6338-4398-B7C8-DA0214490F45}: DhcpNameServer = 195.34.133.21 192.168.4.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.08.16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.22 22:06:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.18 23:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.18 22:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Desktop\RK_Quarantine
[2013.01.17 20:28:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Buddy\Desktop\aswMBR.exe
[2013.01.17 19:41:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.15 21:50:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Buddy\Desktop\OTL.exe
[2013.01.14 17:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.14 17:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.14 17:28:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.14 17:28:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.14 17:27:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.14 17:23:19 | 005,022,074 | R--- | C] (Swearware) -- C:\Documents and Settings\Buddy\Desktop\ComboFix.exe
[2013.01.13 22:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.13 22:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2013.01.13 22:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2013.01.13 17:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\AVG
[2013.01.13 17:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013.01.13 17:00:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013.01.13 12:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\TuneUp Software
[2013.01.13 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Local Settings\Application Data\MFAData
[2013.01.13 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013.01.11 21:13:06 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.01.11 21:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013.01.11 21:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.01.11 19:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\Windows Search
[2013.01.11 16:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013.01.11 16:00:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013.01.11 15:59:00 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013.01.11 15:58:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013.01.11 15:58:59 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013.01.11 13:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Application Data\ElevatedDiagnostics
[2013.01.11 13:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013.01.11 13:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013.01.11 00:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Local Settings\Application Data\PCHealth
[2013.01.10 21:39:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013.01.10 20:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Local Settings\Application Data\Sun
[2013.01.10 19:30:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Buddy\Recent
[2013.01.10 19:27:42 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.10 19:27:42 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.01.10 19:27:42 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.10 19:27:42 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.10 19:27:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.10 19:27:18 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.10 19:27:18 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.09 22:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.01.09 22:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy\Start Menu\Programs\Revo Uninstaller
[2013.01.09 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.09 18:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 18:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.01.09 18:32:47 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.09 18:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.24 20:40:39 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005UA.job
[2013.01.24 20:39:21 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.01.24 20:39:19 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\Google Chrome.lnk
[2013.01.24 20:27:11 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 20:01:25 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\SystemLook.exe
[2013.01.24 19:55:54 | 000,001,322 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013.01.24 19:49:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.24 19:47:49 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 19:46:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.18 22:44:38 | 000,764,416 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\RogueKiller.exe
[2013.01.17 21:15:23 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\MBR.zip
[2013.01.17 21:14:39 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\MBR.dat
[2013.01.17 20:29:07 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Buddy\Desktop\aswMBR.exe
[2013.01.17 20:21:04 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\tdsskiller.zip
[2013.01.15 21:50:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buddy\Desktop\OTL.exe
[2013.01.15 21:40:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.15 21:39:02 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013.01.15 21:39:02 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013.01.15 19:15:30 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013.01.14 21:50:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.14 18:06:42 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\adwcleaner.exe
[2013.01.14 18:03:44 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\SecurityCheck.exe
[2013.01.14 17:23:57 | 005,022,074 | R--- | M] (Swearware) -- C:\Documents and Settings\Buddy\Desktop\ComboFix.exe
[2013.01.13 20:53:30 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3239930355-4236695605-193725191-1005Core.job
[2013.01.13 19:36:43 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2013.01.13 10:21:54 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\HiJackThis.lnk
[2013.01.11 21:38:40 | 000,442,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.11 21:38:40 | 000,072,214 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.11 21:11:30 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\Pieskovisko Webový prehliadač.lnk
[2013.01.11 21:11:30 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pieskovisko Webový prehliadač.lnk
[2013.01.11 15:23:36 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.01.11 15:23:36 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013.01.10 23:31:04 | 000,624,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.10 19:26:34 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.01.10 19:26:23 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.01.10 19:26:23 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.01.10 19:26:22 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.01.10 19:26:22 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.01.10 19:26:21 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.01.10 19:26:20 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.01.09 22:10:25 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Buddy\Desktop\Revo Uninstaller.lnk
[2013.01.09 20:57:19 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.09 18:32:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.06 06:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.24 20:01:22 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\SystemLook.exe
[2013.01.18 22:44:35 | 000,764,416 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\RogueKiller.exe
[2013.01.17 21:15:23 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\MBR.zip
[2013.01.17 21:14:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\MBR.dat
[2013.01.17 20:21:01 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\tdsskiller.zip
[2013.01.15 19:15:30 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.15 19:15:30 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013.01.14 18:06:41 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\adwcleaner.exe
[2013.01.14 18:03:42 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\SecurityCheck.exe
[2013.01.14 17:28:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.14 17:28:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.14 17:28:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.14 17:28:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.14 17:28:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.13 19:36:43 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2013.01.11 21:12:14 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\Pieskovisko Webový prehliadač.lnk
[2013.01.11 21:12:14 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Buddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Pieskovisko Webový prehliadač.lnk
[2013.01.11 21:12:11 | 000,001,322 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2013.01.11 15:58:12 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013.01.11 15:23:36 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.09 22:10:25 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Buddy\Desktop\Revo Uninstaller.lnk
[2013.01.09 18:32:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.14 21:07:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.12.14 20:17:49 | 000,297,153 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\census.cache
[2012.12.14 20:17:35 | 000,237,681 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\ars.cache
[2012.12.14 17:33:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\housecall.guid.cache
[2012.03.10 11:46:32 | 000,259,888 | ---- | C] () -- C:\WINDOWS\SUPDRun.exe
[2012.03.10 11:46:31 | 000,283,136 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll
[2012.03.10 11:46:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll
[2012.03.10 11:46:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\spd__ci.exe
[2012.02.21 19:05:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.18 21:58:38 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\WebpageIcons.db
[2011.12.18 18:41:28 | 000,035,202 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.12.18 16:32:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\{4515464B-162D-40A5-8A08-43A382DEB73F}
[2011.11.27 20:18:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.11.27 20:18:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.11.27 20:18:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.11.27 20:18:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.10.28 18:42:53 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011.07.27 19:54:39 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.01.13 22:04:18 | 000,007,968 | ---- | C] () -- C:\Documents and Settings\Buddy\.recently-used.xbel
[2010.03.06 18:33:59 | 000,003,598 | ---- | C] () -- C:\Documents and Settings\Buddy\.ganttproject
[2006.11.14 22:42:17 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Buddy\default.pls
[2006.05.19 19:47:02 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006.05.15 20:40:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Buddy\.gtk-bookmarks
[2006.03.04 13:55:08 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Buddy\Application Data\dvd.bmk
[2006.03.02 23:54:57 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.02 22:03:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Buddy\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005.08.16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.13 17:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2008.02.28 18:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2011.12.18 18:12:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009.11.06 23:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012.06.19 13:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2013.01.13 22:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.03.06 12:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KaDonk
[2013.01.13 21:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011.10.09 19:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008.07.15 20:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009.01.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2010.02.02 21:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2013.01.13 17:00:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2006.05.27 00:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\.BitTornado
[2008.10.28 18:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Acoustica
[2013.01.13 17:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\AVG
[2008.11.02 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\BitTorrent
[2012.06.15 21:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\DAEMON Tools Lite
[2008.01.31 22:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\DAEMON Tools Pro
[2013.01.11 13:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\ElevatedDiagnostics
[2011.12.15 21:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\ESET
[2012.06.15 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\FileZilla
[2009.06.19 18:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\GetGo Software
[2011.01.13 22:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\gtk-2.0
[2006.08.12 15:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\gtopala
[2010.03.06 12:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\KaDonk
[2006.07.09 10:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\last.fm
[2006.03.02 22:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Leadertech
[2009.06.19 18:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Moyea
[2010.03.06 12:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\OpenProj
[2006.08.16 20:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Opera
[2009.06.19 18:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Orbit
[2008.05.18 15:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\PPMate
[2009.06.06 14:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\ppStream
[2006.03.05 22:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\RadLight LLC
[2007.12.15 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Registry Cleaner
[2008.04.08 21:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\SmartDraw
[2008.04.29 19:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Software602
[2010.09.04 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Taito Legends
[2010.09.04 20:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Taito Legends 2
[2008.07.15 20:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Teleca
[2006.03.02 23:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Template
[2010.04.11 20:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\TigerPlayer
[2012.12.14 21:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\TrojanHunter
[2013.01.13 12:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\TuneUp Software
[2006.08.16 19:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\uTorrent
[2013.01.11 19:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\Windows Search
[2011.12.18 22:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\xgccxd1zi3yfaxocr33dtmioku1uzoa12
[2011.12.15 16:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy\Application Data\xtryoxast2qqxyoefbehieglwftxhzeh2

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011.12.18 18:07:23 | 000,219,292 | ---- | M] () -- C:\aaw7boot.log
[2009.11.27 15:29:58 | 000,000,000 | ---- | M] () -- C:\acc_speed.txt
[2013.01.14 18:07:06 | 000,001,066 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013.01.09 16:07:43 | 000,004,235 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2005.08.16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006.08.13 13:26:14 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012.06.19 15:28:32 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2009.03.29 21:33:38 | 000,000,000 | ---- | M] () -- C:\checkfw.log
[2004.08.03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013.01.15 21:47:55 | 000,016,160 | ---- | M] () -- C:\ComboFix.txt
[2005.08.16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006.02.27 21:45:02 | 000,005,522 | RH-- | M] () -- C:\dell.sdr
[2012.12.14 21:03:41 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012.06.19 15:04:56 | 000,466,508 | ---- | M] () -- C:\dlcf.log
[2007.01.31 22:47:40 | 000,019,792 | ---- | M] () -- C:\GF_Excpt.txt
[2010.12.20 15:49:34 | 000,115,224 | ---- | M] () -- C:\img2-001.raw
[2006.03.11 17:38:31 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005.08.16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005.08.16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004.08.10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.09.23 18:36:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013.01.24 19:45:56 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2013.01.14 17:22:09 | 000,396,288 | ---- | M] () -- C:\smlook.txt
[2013.01.17 20:26:46 | 000,105,850 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_17.01.2013_20.21.16_log.txt
[2006.10.19 22:03:56 | 000,028,927 | -H-- | M] () -- C:\treeinfo.wc

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005.08.16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005.08.16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005.08.16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< End of report >
