OTL logfile created on: 9/16/2012 2:48:04 AM - Run 2
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\alex\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2.91 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 67.71% Memory free
5.81 Gb Paging File | 4.89 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 83.20 Gb Total Space | 18.09 Gb Free Space | 21.74% Space Free | Partition Type: NTFS
Drive D: | 202.01 Gb Total Space | 4.71 Gb Free Space | 2.33% Space Free | Partition Type: NTFS
Drive E: | 12.68 Gb Total Space | 2.12 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
Drive H: | 35.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 199.00 Mb Total Space | 166.57 Mb Free Space | 83.71% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/15 12:19:05 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe
PRC - [2011/11/10 12:14:41 | 000,514,048 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
PRC - [2011/11/10 12:14:41 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 17:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 17:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/20 15:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/16 16:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/11/16 16:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/03/23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2008/12/09 14:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/02 11:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/12/06 22:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/07/25 17:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2006/07/25 17:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lktsrv.exe
PRC - [2006/07/25 17:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkads.exe
PRC - [2006/06/19 14:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
PRC - [2006/02/06 16:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/10 12:14:45 | 000,777,728 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSUIPlugin.dll
MOD - [2011/11/10 12:14:45 | 000,314,368 | ---- | M] () -- C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll
MOD - [2011/11/10 12:14:45 | 000,229,376 | ---- | M] () -- C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll
MOD - [2011/11/10 12:14:45 | 000,185,856 | ---- | M] () -- C:\Program Files\Mobile Partner\XFramePlugin.dll
MOD - [2011/11/10 12:14:45 | 000,159,232 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll
MOD - [2011/11/10 12:14:45 | 000,156,672 | ---- | M] () -- C:\Program Files\Mobile Partner\STKSrvPlugin.dll
MOD - [2011/11/10 12:14:45 | 000,142,336 | ---- | M] () -- C:\Program Files\Mobile Partner\USSDSrvPlugin.dll
MOD - [2011/11/10 12:14:45 | 000,135,168 | ---- | M] () -- C:\Program Files\Mobile Partner\Trace.dll
MOD - [2011/11/10 12:14:45 | 000,106,496 | ---- | M] () -- C:\Program Files\Mobile Partner\Win7Support.dll
MOD - [2011/11/10 12:14:44 | 009,515,520 | ---- | M] () -- C:\Program Files\Mobile Partner\QtGui4.dll
MOD - [2011/11/10 12:14:44 | 002,415,104 | ---- | M] () -- C:\Program Files\Mobile Partner\QtCore4.dll
MOD - [2011/11/10 12:14:44 | 001,148,416 | ---- | M] () -- C:\Program Files\Mobile Partner\QtNetwork4.dll
MOD - [2011/11/10 12:14:44 | 000,670,720 | ---- | M] () -- C:\Program Files\Mobile Partner\SmsAppPlugin.dll
MOD - [2011/11/10 12:14:44 | 000,545,280 | ---- | M] () -- C:\Program Files\Mobile Partner\PluginContainer.dll
MOD - [2011/11/10 12:14:44 | 000,379,392 | ---- | M] () -- C:\Program Files\Mobile Partner\Proxy.dll
MOD - [2011/11/10 12:14:44 | 000,370,176 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll
MOD - [2011/11/10 12:14:44 | 000,350,720 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll
MOD - [2011/11/10 12:14:44 | 000,258,560 | ---- | M] () -- C:\Program Files\Mobile Partner\sdk.dll
MOD - [2011/11/10 12:14:44 | 000,225,280 | ---- | M] () -- C:\Program Files\Mobile Partner\NetSrvPlugin.dll
MOD - [2011/11/10 12:14:44 | 000,217,600 | ---- | M] () -- C:\Program Files\Mobile Partner\SmsSrvPlugin.dll
MOD - [2011/11/10 12:14:44 | 000,192,000 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll
MOD - [2011/11/10 12:14:44 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner\OSDialup.dll
MOD - [2011/11/10 12:14:44 | 000,131,072 | ---- | M] () -- C:\Program Files\Mobile Partner\OSNDIS.dll
MOD - [2011/11/10 12:14:44 | 000,101,376 | ---- | M] () -- C:\Program Files\Mobile Partner\OSAdapt.dll
MOD - [2011/11/10 12:14:44 | 000,093,184 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll
MOD - [2011/11/10 12:14:44 | 000,082,944 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll
MOD - [2011/11/10 12:14:44 | 000,081,920 | ---- | M] () -- C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll
MOD - [2011/11/10 12:14:44 | 000,065,536 | ---- | M] () -- C:\Program Files\Mobile Partner\OSPowerMgr.dll
MOD - [2011/11/10 12:14:44 | 000,062,976 | ---- | M] () -- C:\Program Files\Mobile Partner\OSCall.dll
MOD - [2011/11/10 12:14:43 | 001,101,824 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll
MOD - [2011/11/10 12:14:43 | 000,495,104 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,449,536 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,414,720 | ---- | M] () -- C:\Program Files\Mobile Partner\DialupUIPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,352,768 | ---- | M] () -- C:\Program Files\Mobile Partner\core.dll
MOD - [2011/11/10 12:14:43 | 000,337,408 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceAppPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,331,776 | ---- | M] () -- C:\Program Files\Mobile Partner\NetConnectPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,300,544 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,275,456 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,245,760 | ---- | M] () -- C:\Program Files\Mobile Partner\MenuMgrPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,239,104 | ---- | M] () -- C:\Program Files\Mobile Partner\LiveUpdateInterface.dll
MOD - [2011/11/10 12:14:43 | 000,211,456 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,179,712 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,158,720 | ---- | M] () -- C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,157,184 | ---- | M] () -- C:\Program Files\Mobile Partner\DataServicePlugin.dll
MOD - [2011/11/10 12:14:43 | 000,117,760 | ---- | M] () -- C:\Program Files\Mobile Partner\LayoutPlugin.dll
MOD - [2011/11/10 12:14:43 | 000,043,008 | ---- | M] () -- C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll
MOD - [2011/11/10 12:14:43 | 000,011,362 | ---- | M] () -- C:\Program Files\Mobile Partner\mingwm10.dll
MOD - [2011/11/10 12:14:42 | 001,077,248 | ---- | M] () -- C:\Program Files\Mobile Partner\AddrBookPlugin.dll
MOD - [2011/11/10 12:14:42 | 000,739,840 | ---- | M] () -- C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll
MOD - [2011/11/10 12:14:42 | 000,550,400 | ---- | M] () -- C:\Program Files\Mobile Partner\CallAppPlugin.dll
MOD - [2011/11/10 12:14:42 | 000,547,840 | ---- | M] () -- C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll
MOD - [2011/11/10 12:14:42 | 000,264,704 | ---- | M] () -- C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll
MOD - [2011/11/10 12:14:42 | 000,238,592 | ---- | M] () -- C:\Program Files\Mobile Partner\AtCodec.dll
MOD - [2011/11/10 12:14:42 | 000,218,112 | ---- | M] () -- C:\Program Files\Mobile Partner\Common.dll
MOD - [2011/11/10 12:14:42 | 000,175,104 | ---- | M] () -- C:\Program Files\Mobile Partner\CallSrvPlugin.dll
MOD - [2011/11/10 12:14:42 | 000,123,392 | ---- | M] () -- C:\Program Files\Mobile Partner\ATR2SMgr.dll
MOD - [2011/11/10 12:14:41 | 000,514,048 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
MOD - [2005/06/05 22:06:54 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2012/09/11 16:47:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 17:55:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/02 21:43:04 | 008,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2012/01/06 15:57:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/10 12:14:41 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2011/03/21 14:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/01/12 17:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 17:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/01/06 22:41:06 | 004,192,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/16 16:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/07/06 18:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/27 21:10:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/06 22:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2006/07/25 17:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2006/07/25 17:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2006/07/25 17:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2006/06/27 19:55:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2006/06/19 14:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2006/02/06 16:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - [2011/11/10 12:14:47 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/11/10 12:14:46 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/11/10 12:14:46 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/11/10 12:14:46 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/11/10 12:14:45 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/12/21 16:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 16:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 14:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/12/07 22:49:50 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2010/11/20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 13:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 13:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/05 00:01:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/11/28 16:06:10 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMusbmdm.sys -- (BMusbmdm)
DRV - [2009/11/28 16:06:10 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMserNmea.sys -- (BMserNmea)
DRV - [2009/11/28 16:06:10 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMserDiag.sys -- (BMserDiag)
DRV - [2009/07/10 07:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/11/02 11:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{649F00C4-C01C-47F8-B5BA-7ABA0D5D0DDC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 01 AC C0 48 E9 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4ECFADCA-602F-4D4E-B439-A0B90D694C90}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=15158&src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=UG&apn_dtid=OSJ000&apn_uid=D32CA205-A74D-4C31-93EE-F4D34CE59C46&apn_sauid=D973203F-C07F-452A-A35F-9DA1882D9A70
IE - HKCU\..\SearchScopes\{649F00C4-C01C-47F8-B5BA-7ABA0D5D0DDC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=35624ac1-4222-11e1-9c68-c80aa90935b4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.ro/"
FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 16:47:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/11 16:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/02/16 22:49:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 16:47:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/11 16:47:02 | 000,000,000 | ---D | M]

[2011/03/07 04:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Extensions
[2012/09/14 17:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\2lbpnvcp.default\extensions
[2012/08/27 23:32:54 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\alex\AppData\Roaming\mozilla\Firefox\Profiles\2lbpnvcp.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/09/14 17:57:17 | 000,270,876 | ---- | M] () (No name found) -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\2lbpnvcp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/01/19 01:18:10 | 000,000,792 | ---- | M] () -- C:\Users\alex\AppData\Roaming\mozilla\firefox\profiles\2lbpnvcp.default\searchplugins\startsear.xml
[2012/09/11 16:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/11 16:47:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/11 16:47:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/23 20:28:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/23 10:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2006/06/07 14:40:18 | 000,027,376 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2011/10/27 16:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/08/30 08:13:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 15:20:39 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipediaro.xml

O1 HOSTS File: ([2012/09/15 22:55:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CF0E613-B255-4582-9C9B-0DA26C3F3BED}: NameServer = 62.217.213.71 93.122.135.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77454764-4484-466F-99D1-F199B9EDDC77}: NameServer = 93.122.135.199 62.217.213.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B8C7A88-412E-4AA9-8422-684FB5A0755A}: NameServer = 93.122.135.199 62.217.213.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93BA0B9E-63A0-47E0-9D71-C3D6210AF7AE}: DhcpNameServer = 78.96.7.88 95.77.94.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9956A425-3A56-4226-9ACF-155AEF7261E6}: NameServer = 62.217.213.71 93.122.135.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D23B0FEB-C5E7-4CE6-923C-8E9CF2F31E78}: NameServer = 93.122.135.199 62.217.213.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D87CFC61-F503-42B5-A962-A146CDE7E2B9}: NameServer = 93.122.135.199 62.217.213.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F34B0681-1EC7-451C-B840-8D3D1163FC10}: NameServer = 93.122.135.199 62.217.213.71
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/19 08:37:37 | 000,142,336 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/03 20:12:34 | 000,000,045 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{00b33f66-4084-11df-8984-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{00b33f66-4084-11df-8984-c80aa90935b4}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{082b8536-0bb7-11e1-b835-1cc1debcd82f}\Shell - "" = AutoRun
O33 - MountPoints2\{082b8536-0bb7-11e1-b835-1cc1debcd82f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/11/19 08:37:37 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{1abd5998-54fd-11df-a85f-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{1abd5998-54fd-11df-a85f-c80aa90935b4}\Shell\AutoRun\command - "" = H:\windows\Install.exe
O33 - MountPoints2\{242a5373-4206-11e1-9c68-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{242a5373-4206-11e1-9c68-c80aa90935b4}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/11/19 08:37:37 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{2ab8af27-0c46-11e1-a46c-1cc1debcd82f}\Shell - "" = AutoRun
O33 - MountPoints2\{2ab8af27-0c46-11e1-a46c-1cc1debcd82f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/11/19 08:37:37 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{2c26111f-aaa8-11df-8697-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{2c26111f-aaa8-11df-8697-c80aa90935b4}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2e0ab6c0-8a9e-11df-8ab7-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e0ab6c0-8a9e-11df-8ab7-c80aa90935b4}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37d46a06-80f3-11df-9e60-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{37d46a06-80f3-11df-9e60-c80aa90935b4}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37d46a8f-80f3-11df-9e60-c80aa90935b4}\Shell - "" = AutoRun
O33 - MountPoints2\{37d46a8f-80f3-11df-9e60-c80aa90935b4}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5458d42d-0b7b-11e1-a4c5-1cc1debcd82f}\Shell - "" = AutoRun
O33 - MountPoints2\{5458d42d-0b7b-11e1-a4c5-1cc1debcd82f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{5458d44f-0b7b-11e1-a4c5-1cc1debcd82f}\Shell - "" = AutoRun
O33 - MountPoints2\{5458d44f-0b7b-11e1-a4c5-1cc1debcd82f}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a9b25425-0656-11e1-a4d9-1cc1debcd82f}\Shell - "" = AutoRun
O33 - MountPoints2\{a9b25425-0656-11e1-a4d9-1cc1debcd82f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e5c384e3-2d7c-11e1-996e-1c7508de7002}\Shell - "" = AutoRun
O33 - MountPoints2\{e5c384e3-2d7c-11e1-996e-1c7508de7002}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{ea73ce3c-adf9-11df-86f4-c80aa90935b4}\Shell -
"" = AutoRun O33 - MountPoints2\{ea73ce3c-adf9-11df-86f4-c80aa90935b4}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ea73ce77-adf9-11df-86f4-c80aa90935b4}\Shell - "" = AutoRun O33 - MountPoints2\{ea73ce77-adf9-11df-86f4-c80aa90935b4}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ea73ced3-adf9-11df-86f4-c80aa90935b4}\Shell - "" = AutoRun O33 - MountPoints2\{ea73ced3-adf9-11df-86f4-c80aa90935b4}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f1271da6-c1b4-11e1-967d-c80aa90935b4}\Shell - "" = AutoRun O33 - MountPoints2\{f1271da6-c1b4-11e1-967d-c80aa90935b4}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/11/19 08:37:37 | 000,142,336 | R--- | M] () O33 - MountPoints2\{f7ef4028-1b8d-11e1-9d53-1cc1debcd82f}\Shell - "" = AutoRun O33 - MountPoints2\{f7ef4028-1b8d-11e1-9d53-1cc1debcd82f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/11/19 08:37:37 | 000,142,336 | R--- | M] () O33 - MountPoints2\{ff5833ff-5e96-11df-a3b9-c80aa90935b4}\Shell - "" = AutoRun O33 - MountPoints2\{ff5833ff-5e96-11df-a3b9-c80aa90935b4}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/11/19 08:37:37 | 000,142,336 | R--- | M] () O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - 
SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/09/16 02:42:19 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\alex\Desktop\tdsskiller.exe [2012/09/15 22:55:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/15 13:24:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\alex\Desktop\aswMBR.exe [2012/09/15 12:19:00 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe [2012/09/11 16:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/09 09:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WALKMAN Guide [2012/09/09 09:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012/09/09 09:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sony [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/09/16 02:44:42 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/16 02:44:42 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/16 02:42:48 | 000,624,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/16 02:42:48 | 000,109,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/16 02:42:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\alex\Desktop\tdsskiller.exe [2012/09/16 02:36:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/16 02:36:26 | 2339,573,760 | -HS- | M] () -- C:\hiberfil.sys [2012/09/15 23:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/15 22:55:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/09/15 13:25:11 | 004,731,392 | ---- | M] (AVAST Software) -- 
C:\Users\alex\Desktop\aswMBR.exe [2012/09/15 12:19:05 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Desktop\OTL.exe [2012/09/12 00:05:56 | 000,001,994 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/09/10 23:26:44 | 000,001,143 | ---- | M] () -- C:\Users\alex\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2012/09/10 20:18:27 | 000,000,499 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012/09/09 09:41:36 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\NWZ-B170 WALKMAN Guide.lnk [2012/08/28 13:23:54 | 000,000,724 | ---- | M] () -- C:\Users\alex\Desktop\L2 - Cerius.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/09/09 09:41:36 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\NWZ-B170 WALKMAN Guide.lnk [2012/08/28 13:23:54 | 000,000,724 | ---- | C] () -- C:\Users\alex\Desktop\L2 - Cerius.lnk [2012/07/11 23:45:42 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2012/06/27 10:38:29 | 000,000,017 | ---- | C] () -- C:\Users\alex\AppData\Local\resmon.resmoncfg [2012/03/23 20:57:17 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012/01/15 22:00:38 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\{A9A02702-8E34-4A7B-8009-952C93505B40} [2011/12/14 08:26:31 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\{26773476-5777-4733-9062-05F1FE558B10} [2011/11/02 18:19:04 | 000,051,270 | ---- | C] () -- C:\Users\alex\AppData\Roaming\room_v3.dat [2011/08/28 19:12:02 | 000,000,377 | ---- | C] () -- C:\Users\alex\AppData\Roaming\data.dat [2011/08/05 06:54:10 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\{9460D54A-D55E-4634-84E6-8200C687F42E} [2011/07/18 17:55:01 | 000,000,000 | ---- | C] () -- C:\Users\alex\AppData\Local\{2DA8413C-A911-4967-9DEB-81C847862C12} [2011/06/09 22:06:17 | 000,000,000 | ---- | C] () -- 
C:\Users\alex\AppData\Local\{A6CCD88E-5570-4355-93B0-046EF6A6CB6A} [2011/06/09 21:02:54 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/06/09 21:01:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/03/25 16:23:42 | 000,006,144 | ---- | C] () -- C:\Users\alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010/12/29 12:58:15 | 000,032,873 | ---- | C] () -- C:\Windows\scunin.dat [2010/12/02 10:36:05 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010/08/29 23:40:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [color=#E56717]========== LOP Check ==========[/color] [2010/05/13 20:06:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\123 Free Solitaire [2010/12/07 22:59:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\ACD Systems [2012/03/23 19:51:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Babylon [2010/09/13 11:45:03 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Canon [2010/10/23 10:00:45 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\DAEMON Tools Lite [2011/08/28 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\EurekaLog [2012/02/05 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\FloodLightGames [2012/03/23 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\MySQL [2012/06/10 23:33:35 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\National Instruments [2011/10/28 23:47:29 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Nokia [2012/01/16 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Notepad++ [2011/10/29 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Nseries [2011/10/28 23:51:14 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\PC Suite [2010/09/10 00:56:07 | 000,000,000 | ---D | M] -- 
C:\Users\alex\AppData\Roaming\ScanSoft [2012/04/02 00:13:41 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Sports Interactive [2010/07/25 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TeamViewer [2012/04/07 18:29:39 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\TigerPlayer [2012/09/07 11:19:46 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\uTorrent [2012/06/28 21:48:48 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:45690DD4 < End of report >