Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

svchost.exe trojan in system32\install\


  • This topic is locked This topic is locked

#1
belchev

belchev

    New Member

  • Member
  • Pip
  • 5 posts
Hello,
Everytime Windows is started, a new process "opera.exe" is executed and fill up my CPU. When i kill it, a svchost.exe executes and starts again opera.exe. The file itself (svchost.exe) is located in C:\WINDOWS\system32\install\ and appears for a second only when i kill opera.exe.
I tried to delete O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\svchost.exe () but everytime when i delete it, it shows again.

Thanks in advance!

Heres a the log from OTL:

OTL logfile created on: 19.10.2011 18:26:20 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Seso\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.93% Memory free
3.85 Gb Paging File | 2.78 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.64 Gb Total Space | 1.28 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 0.67 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 2.93 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
Drive F: | 150.86 Gb Total Space | 8.19 Gb Free Space | 5.43% Space Free | Partition Type: NTFS

Computer Name: 01-PC | User Name: Seso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.19 18:26:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seso\Desktop\OTL.exe
PRC - [2011.10.17 20:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.29 06:06:36 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.06.07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Seso\Desktop\processexplorer.exe
PRC - [2010.01.06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\fsproflt.exe
PRC - [2009.02.18 20:27:04 | 001,072,288 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.02.06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.06.18 13:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008.02.20 05:46:06 | 001,119,624 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB8SWK.EXE
PRC - [2008.02.20 05:44:24 | 000,181,624 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2007.09.06 02:48:00 | 000,406,944 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2004.08.04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000.12.30 13:39:58 | 000,151,552 | ---- | M] () -- C:\WINDOWS\Datecs\Flex2K.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.19 18:14:07 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011.10.19 18:14:07 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.10.19 17:58:06 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.10.19 17:58:06 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.06.01 00:18:15 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.15 02:18:43 | 012,509,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
MOD - [2011.03.15 02:18:09 | 001,011,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
MOD - [2011.03.15 01:52:05 | 000,027,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
MOD - [2011.03.15 00:40:49 | 005,771,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
MOD - [2011.03.15 00:40:45 | 013,193,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
MOD - [2011.03.15 00:40:35 | 001,667,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
MOD - [2011.03.15 00:39:19 | 008,265,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
MOD - [2011.03.15 00:37:38 | 011,722,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
MOD - [2011.03.14 23:51:26 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.07.05 00:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009.11.25 01:41:48 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3134.39961__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.11.25 01:41:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3134.39999__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:47 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3134.40006__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:47 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3134.40169__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:47 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3134.40009__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:47 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3134.40160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.11.25 01:41:47 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3134.39983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.11.25 01:41:46 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3134.40143__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:46 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3134.40198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:46 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3134.40125__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.11.25 01:41:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3134.40096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.11.25 01:41:02 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3134.40199__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.11.25 01:41:02 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3134.39977__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.11.25 01:41:01 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3134.40134__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.11.25 01:41:01 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3134.40008__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2009.11.25 01:41:01 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3134.40135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.11.25 01:41:01 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3134.40133__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.11.25 01:41:01 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3134.40007__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:59 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3134.40224__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:59 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3134.40222__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:56 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3134.40100__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:56 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3134.40149__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.11.25 01:40:56 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3134.40010__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:56 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3134.40119__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:56 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3134.40099__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:55 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3134.40162__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:55 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3134.40011__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:55 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3134.39985__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3134.40017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:55 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3134.40118__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:54 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3134.40127__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:54 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3134.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:54 | 000,376,832 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.11.25 01:40:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3134.40097__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3134.40098__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3134.40121__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.11.25 01:40:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.11.25 01:40:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.11.25 01:40:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.11.25 01:40:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.11.25 01:40:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.11.25 01:40:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.11.25 01:40:51 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.11.25 01:40:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.11.25 01:40:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.11.25 01:40:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.11.25 01:40:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.11.25 01:40:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.11.25 01:40:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009.11.25 01:40:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.11.25 01:40:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.11.25 01:40:46 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.11.25 01:40:45 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.11.25 01:40:45 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.11.25 01:40:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.11.25 01:40:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.11.25 01:40:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.11.25 01:40:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.11.25 01:40:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.11.25 01:40:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.11.25 01:40:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.11.25 01:40:45 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.11.25 01:40:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.11.25 01:40:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.11.25 01:40:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3119.30140__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2009.11.25 01:40:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009.11.25 01:40:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.11.25 01:40:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.11.25 01:40:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.11.25 01:40:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.11.25 01:40:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.11.25 01:40:41 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.11.25 01:40:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.11.25 01:40:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.11.25 01:40:40 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.11.25 01:40:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.11.25 01:40:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.11.25 01:40:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.11.25 01:40:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.11.25 01:40:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.11.25 01:40:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3134.40215__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.11.25 01:40:15 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3134.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.11.25 01:40:14 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3134.40186__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.11.25 01:40:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.11.25 01:40:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.11.25 01:40:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.11.25 01:40:14 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.11.25 01:40:14 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.11.25 01:40:14 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3134.39948__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.11.25 01:40:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3134.40183__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.11.25 01:40:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.11.25 01:40:12 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3134.40175__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.11.25 01:40:12 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3134.39992__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.11.25 01:40:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3134.39953__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.11.25 01:40:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3134.39951__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.11.25 01:40:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.11.25 01:40:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.11.25 01:40:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.11.25 01:40:10 | 000,999,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3134.39970__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.11.25 01:40:10 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3134.39952__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.11.25 01:40:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.11.25 01:40:10 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.11.25 01:40:10 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3134.40186__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.11.25 01:40:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.11.25 01:40:09 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3134.39950__90ba9c70f846762e\APM.Server.dll
MOD - [2009.11.25 01:40:09 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3134.39948__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.11.04 03:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008.06.23 14:58:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007.12.07 15:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2004.12.26 21:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004.08.04 15:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2000.12.30 13:39:58 | 000,151,552 | ---- | M] () -- C:\WINDOWS\Datecs\Flex2K.exe
MOD - [2000.12.13 01:55:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\newdll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.01.06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\WINDOWS\system32\fsproflt.exe -- (fsproflt)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007.11.07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - [2011.10.19 18:11:36 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.11 12:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.12.22 20:28:55 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.12.15 22:04:14 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.02.06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.01 09:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.06.27 06:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.16 10:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.05 19:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2007.09.20 18:03:46 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Seso\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.17 04:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.13 18:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.10.19 14:21:46 | 000,000,000 | ---D | M]

[2009.11.25 03:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Extensions
[2011.05.18 13:31:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions
[2011.02.17 20:16:45 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.03.13 01:21:42 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\[email protected]
[2009.12.09 22:13:42 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\[email protected]
[2011.05.04 00:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.25 23:40:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Seso\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Seso\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Seso\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Seso\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Speed Dial = C:\Documents and Settings\Seso\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\

O1 HOSTS File: ([2010.04.08 13:18:43 | 004,827,222 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\ File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\svchost.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Windows Session Manager] C:\WINDOWS\system32\Run\smss.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Seso\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Seso\Application Data\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D1EE808-7E31-4B91-8273-C62F0DB98943}: NameServer = 78.142.37.193,193.24.240.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Seso\Application Data\uapss.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.25 01:27:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4dbc7225-d9fc-11de-b87d-001fd0930e1f}\Shell\AutoRun\command - "" = I:\pokazemo//samosvima.exe
O33 - MountPoints2\{4dbc7225-d9fc-11de-b87d-001fd0930e1f}\Shell\Explore\command - "" = I:\pokazemo//samosvima.exe
O33 - MountPoints2\{4dbc7225-d9fc-11de-b87d-001fd0930e1f}\Shell\Open\command - "" = I:\pokazemo//samosvima.exe
O33 - MountPoints2\{ce1d4f67-e8fb-11de-b881-001fd0930e1f}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell\AutoRun\command - "" = J:\StartCD.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.19 18:25:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Seso\Desktop\OTL.exe
[2011.10.19 18:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Install
[2011.10.19 18:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.10.19 18:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.10.19 17:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Application Data\SUPERAntiSpyware.com
[2011.10.19 17:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011.10.19 17:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011.10.19 17:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.10.19 15:21:42 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Seso\Desktop\processexplorer.exe
[2011.10.19 15:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011.10.19 14:29:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Seso\Recent
[2011.10.19 14:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Local Settings\Application Data\ESET
[2011.10.19 14:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011.10.19 14:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.10.19 14:16:08 | 000,000,000 | ---D | C] -- C:\z2w
[2011.10.04 11:44:36 | 000,000,000 | ---D | C] -- C:\My Music
[2011.09.30 14:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.19 18:33:02 | 004,292,767 | -H-- | M] () -- C:\Documents and Settings\Seso\Application Data\cglogs.dat
[2011.10.19 18:26:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Seso\Desktop\OTL.exe
[2011.10.19 18:20:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.10.19 18:16:03 | 000,002,284 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.19 18:14:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.10.19 18:11:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.19 17:57:34 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.10.19 15:15:46 | 000,633,987 | ---- | M] () -- C:\Documents and Settings\Seso\Application Data\data.dat
[2011.10.19 14:16:45 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.10.18 16:30:28 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Seso\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.18 02:21:36 | 000,118,234 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\1 (1).jpg
[2011.10.16 17:10:41 | 000,436,503 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\maimunki.jpg
[2011.10.12 15:08:11 | 004,563,516 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\03 - Big Pun - Twinz (Feat. Fat Joe).mp3
[2011.10.12 15:03:50 | 008,273,609 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Bat Venci Goodslav Buch And 100 KILA - Kradi Kradi.mp3
[2011.10.12 15:02:25 | 005,938,704 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Sarafa i Spens - Az ne sym.mp3
[2011.10.12 11:13:17 | 015,095,220 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Matteo Vanti - Frame (Original Mix).mp3
[2011.10.11 20:43:14 | 002,293,760 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest.mdf
[2011.10.11 20:43:14 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest_log.LDF
[2011.10.10 23:28:02 | 000,001,348 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\chillout.pls
[2011.10.10 19:09:40 | 003,894,575 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\FABER_DRIVE_-_'When_I'm_With_You'_Video-Song to My Angel and me.mp3
[2011.10.09 14:23:30 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.09.27 02:00:12 | 000,188,897 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Snapshot of me 1.png
[2011.09.21 00:41:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.20 07:59:31 | 020,801,664 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Nic Chagall feat. Jonathan Mendelsohn - This Moment (Prog Mix).mp3
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.19 18:15:56 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.10.19 17:57:34 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.10.18 02:21:36 | 000,118,234 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\1 (1).jpg
[2011.10.16 17:10:41 | 000,436,503 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\maimunki.jpg
[2011.10.12 15:08:11 | 004,563,516 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\03 - Big Pun - Twinz (Feat. Fat Joe).mp3
[2011.10.12 15:03:50 | 008,273,609 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Bat Venci Goodslav Buch And 100 KILA - Kradi Kradi.mp3
[2011.10.12 15:02:25 | 005,938,704 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Sarafa i Spens - Az ne sym.mp3
[2011.10.12 11:13:04 | 015,095,220 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Matteo Vanti - Frame (Original Mix).mp3
[2011.10.11 20:14:19 | 002,293,760 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest.mdf
[2011.10.11 20:14:19 | 000,573,440 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest_log.LDF
[2011.10.10 23:28:02 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\chillout.pls
[2011.10.07 14:51:25 | 003,894,575 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\FABER_DRIVE_-_'When_I'm_With_You'_Video-Song to My Angel and me.mp3
[2011.09.27 02:00:12 | 000,188,897 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Snapshot of me 1.png
[2011.09.20 07:59:14 | 020,801,664 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Nic Chagall feat. Jonathan Mendelsohn - This Moment (Prog Mix).mp3
[2011.09.19 11:12:21 | 000,007,900 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.17 02:34:10 | 000,633,987 | ---- | C] () -- C:\Documents and Settings\Seso\Application Data\data.dat
[2011.09.07 18:37:51 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.09.07 18:37:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.07.22 12:33:08 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.05.17 18:52:04 | 000,001,441 | ---- | C] () -- C:\WINDOWS\NavZapl.INI
[2011.05.10 01:34:20 | 000,059,261 | ---- | C] () -- C:\Documents and Settings\Seso\Application Data\SQLite3.dll
[2011.03.14 23:53:27 | 000,351,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.02.17 04:17:08 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011.02.17 04:16:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011.02.15 07:02:13 | 000,000,062 | ---- | C] () -- C:\WINDOWS\hw.ini
[2011.02.03 02:13:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\3gptoavi3.INI
[2011.02.03 01:26:27 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy MOV Converter.INI
[2011.02.03 01:15:52 | 000,000,365 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2011.01.09 18:49:15 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2011.01.09 18:47:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.11.09 22:43:52 | 000,004,100 | ---- | C] () -- C:\WINDOWS\System32\hdvirffo.dll
[2010.10.27 02:05:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010.09.15 13:27:10 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2010.09.15 13:25:47 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2010.09.15 13:22:16 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010.04.19 02:27:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010.04.19 02:27:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009.12.22 20:58:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009.12.22 15:35:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009.12.22 15:06:39 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.12.22 15:06:39 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.12.22 15:06:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.12.22 15:06:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009.12.13 19:35:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.11.26 23:57:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.25 04:53:23 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\Seso\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.25 03:51:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.11.25 03:39:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.25 03:18:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.11.25 03:16:00 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.25 02:33:22 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.25 02:33:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2009.11.25 02:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.11.25 01:57:56 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.11.25 01:43:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.11.25 01:34:58 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009.11.25 01:34:51 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.11.25 01:34:50 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.11.25 01:34:49 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.11.25 01:34:49 | 000,174,820 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.11.25 01:30:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.11.25 01:25:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.08.06 15:12:46 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2007.10.19 21:55:28 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007.10.09 12:39:40 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007.10.08 10:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2007.09.20 18:03:46 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2007.09.19 21:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007.08.29 15:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll
[2007.08.22 00:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007.08.21 22:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007.03.23 16:34:42 | 001,597,440 | ---- | C] () -- C:\WINDOWS\stic1690.exe
[2006.03.04 14:15:55 | 004,292,700 | -H-- | C] () -- C:\Documents and Settings\Seso\Application Data\cglogs.dat
[2004.08.04 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 15:00:00 | 000,479,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 15:00:00 | 000,085,338 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 15:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.08.04 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 15:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009.11.25 02:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.12.15 22:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2011.10.19 14:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.10.14 23:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011.03.15 00:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010.09.24 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.11.25 02:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ACD Systems
[2010.09.10 16:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Awem
[2011.10.11 20:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\BETONINTELECT
[2011.02.17 04:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\BITS
[2010.09.15 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Carambis
[2011.03.14 02:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools
[2011.03.14 02:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools Lite
[2011.03.14 02:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools Pro
[2009.12.22 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DataCast
[2010.05.25 01:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DC++
[2010.11.17 15:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Dev-Cpp
[2011.02.17 04:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\FlashGet
[2011.02.17 04:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\FlashGetBHO
[2011.01.21 22:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\gepixApp
[2011.03.14 22:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GetRightToGo
[2011.02.17 04:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GrabPro
[2010.06.01 19:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GSplit
[2010.10.20 15:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ICQ
[2010.04.21 00:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\microOLAP
[2010.10.06 20:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mp3tag
[2009.12.04 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Notepad++
[2009.11.25 03:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Opera
[2011.02.17 04:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Orbit
[2010.10.14 23:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ParetoLogic
[2011.02.17 04:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ProgSense
[2010.02.08 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Publish Providers
[2010.02.08 16:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Sony
[2011.10.16 14:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\TeamViewer
[2011.10.18 17:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\WINDOWS:
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7AC1352
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB

< End of report >

Attached Files

  • Attached File  OTL.Txt   117.06KB   82 downloads

  • 0

Advertisements


#2
belchev

belchev

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
also,
c:\documents and settings\seso\application data\cglogs.dat
c:\documents and settings\seso\local settings\temp\xxx.xxx
are created and i cant delete them either.
  • 0

#3
belchev

belchev

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
REMOVED
(with Kaspersky AVPTool and safe mode scan)
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there do you still require help ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\svchost.exe ()
    O4 - HKLM..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\ File not found
    O4 - HKCU..\Run: [Windows Session Manager] C:\WINDOWS\system32\Run\smss.exe File not found
    O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Seso\Application Data\uapss.exe) - File not found
    O33 - MountPoints2\{4dbc7225-d9fc-11de-b87d-001fd0930e1f}\Shell\AutoRun\command - "" = I:\pokazemo//samosvima.exe
    O33 - MountPoints2\{4dbc7225-d9fc-11de-b87d-001fd0930e1f}\Shell\Explore\command - "" = I:\pokazemo//samosvima.exe
    O33 - MountPoints2\{4dbc7225-d9fc-11de-b87d-001fd0930e1f}\Shell\Open\command - "" = I:\pokazemo//samosvima.exe
    [2011.10.19 18:33:02 | 004,292,767 | -H-- | M] () -- C:\Documents and Settings\Seso\Application Data\cglogs.dat
    [2011.02.17 04:17:08 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
    [2009.11.25 03:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Opera

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#5
belchev

belchev

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hello again, here are the logs:

OTL logfile created on: 19.10.2011 22:49:32 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = D:\install\Malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.64 Gb Total Space | 0.69 Gb Free Space | 4.71% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 0.66 Gb Free Space | 6.80% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 2.93 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
Drive F: | 150.86 Gb Total Space | 9.27 Gb Free Space | 6.15% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 01-PC
Current User Name: Seso
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2011.10.19 22:22:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Seso\Desktop\aswMBR.exe
PRC - [2011.06.29 06:06:36 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.07.03 03:17:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\install\Malware\OTL.exe
PRC - [2010.01.06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\fsproflt.exe
PRC - [2009.02.18 20:27:04 | 001,072,288 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.02.06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.06.18 13:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008.02.20 05:46:06 | 001,119,624 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB8SWK.EXE
PRC - [2008.02.20 05:44:24 | 000,181,624 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2007.09.06 02:48:00 | 000,406,944 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2007.02.10 16:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2004.08.04 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000.12.30 13:39:58 | 000,151,552 | ---- | M] () -- C:\WINDOWS\Datecs\Flex2K.exe


========== Modules (SafeList) ==========

MOD - [2010.07.03 03:17:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\install\Malware\OTL.exe
MOD - [2006.08.25 18:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.04 15:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2000.12.13 01:55:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\newdll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.01.06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\WINDOWS\system32\fsproflt.exe -- (fsproflt)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007.11.07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007.02.10 16:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007.02.10 16:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 13:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2011.10.19 22:25:41 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.03.11 12:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.12.22 20:28:55 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.12.15 22:04:14 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.02.06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.01 09:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.06.27 06:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.16 10:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.05 19:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2007.09.20 18:03:46 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.17 04:16:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.13 18:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.10.19 14:21:46 | 000,000,000 | ---D | M]

[2009.11.25 03:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Extensions
[2011.05.18 13:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions
[2011.02.17 20:16:45 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.03.13 01:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\[email protected]
[2009.12.09 22:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\[email protected]
[2011.05.04 00:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010.04.08 13:18:43 | 004,827,222 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Seso\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Seso\Application Data\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\seso\application data\uapss.exe) - c:\documents and settings\seso\application data\uapss.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.25 01:27:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ce1d4f67-e8fb-11de-b881-001fd0930e1f}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell\AutoRun\command - "" = J:\StartCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011.10.19 22:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.10.19 22:22:11 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Seso\Desktop\aswMBR.exe
[2011.10.19 21:59:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Seso\Recent
[2011.10.19 21:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Local Settings\Application Data\PCHealth
[2011.10.19 20:10:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.10.19 20:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011.10.19 20:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.10.19 19:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011.10.19 18:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Install
[2011.10.19 18:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.10.19 15:21:42 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Seso\Desktop\processexplorer.exe
[2011.10.19 15:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011.10.19 14:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Local Settings\Application Data\ESET
[2011.10.19 14:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.09.30 14:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[2011.09.17 22:24:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Run
[2011.09.14 13:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Desktop\SalarySystem
[2011.09.07 18:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011.08.17 22:04:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seso\My Documents\My Videos
[2011.08.11 13:18:18 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011.08.11 13:18:15 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011.08.11 13:17:56 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011.08.11 13:17:53 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011.08.11 13:17:38 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011.08.11 13:17:29 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011.08.11 13:17:21 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011.08.11 13:17:18 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011.08.11 13:17:18 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011.08.11 13:17:14 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011.08.11 13:17:12 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011.08.11 13:17:06 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011.08.11 13:17:02 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011.08.11 13:16:47 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011.08.11 13:16:45 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011.08.11 13:16:34 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011.08.11 13:16:32 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011.08.11 13:16:30 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011.08.11 13:16:28 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011.08.11 13:16:25 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011.08.11 13:16:23 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011.08.11 13:16:21 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011.08.11 13:16:19 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011.08.11 13:16:16 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011.08.11 13:16:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011.08.11 13:16:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011.08.11 13:16:06 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011.08.11 13:16:04 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011.08.11 13:16:03 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011.08.11 13:16:01 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011.08.11 13:15:55 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011.08.11 13:15:52 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011.08.11 13:15:49 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011.08.11 13:15:46 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011.08.11 13:15:38 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011.08.11 13:15:36 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011.08.11 13:15:15 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011.08.11 13:15:13 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011.08.11 13:15:10 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011.08.11 13:15:02 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011.08.11 13:14:31 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011.08.11 13:14:29 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011.08.11 13:14:20 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011.08.11 13:14:19 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011.08.11 13:14:17 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011.08.11 13:13:49 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011.08.11 13:13:47 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011.08.11 13:13:44 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011.08.11 13:13:42 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011.08.11 13:13:30 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011.08.11 13:13:20 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011.08.11 13:13:18 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011.08.11 13:13:15 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011.08.11 13:13:13 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011.08.11 13:13:07 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011.08.11 13:13:05 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011.08.11 13:13:00 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011.08.11 13:12:58 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011.08.11 13:12:56 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011.08.11 13:12:54 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011.08.11 13:12:52 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011.08.11 13:12:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011.08.11 13:12:44 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011.08.11 13:12:42 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011.08.11 13:12:40 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011.08.11 13:12:38 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011.08.11 13:12:36 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011.08.11 13:12:33 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011.08.11 13:12:04 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011.08.11 13:11:43 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011.08.11 13:11:28 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011.08.11 13:11:27 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011.08.11 13:11:26 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011.08.11 13:11:24 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011.08.11 13:11:24 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011.08.11 13:11:22 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011.08.11 13:11:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011.08.11 13:11:15 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011.08.11 13:11:13 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011.08.11 13:11:11 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011.08.11 13:11:08 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011.08.11 13:11:06 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011.08.11 13:10:48 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011.08.11 13:10:44 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2011.08.11 13:10:26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011.08.11 13:08:44 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011.08.11 13:08:38 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011.08.11 13:08:19 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011.08.11 13:08:17 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011.08.11 13:08:16 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011.08.11 13:08:06 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011.08.11 13:08:00 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011.08.11 13:07:58 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011.08.11 13:07:56 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011.08.11 13:07:54 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011.08.11 13:07:53 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011.08.11 13:07:52 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011.08.11 13:07:43 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011.08.11 13:07:40 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011.08.11 13:07:39 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011.08.11 13:07:20 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011.08.11 13:06:42 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011.08.11 13:06:40 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011.08.11 13:06:35 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011.08.11 13:06:34 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011.08.11 13:06:33 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011.08.11 13:06:30 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011.08.11 13:06:29 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011.08.11 13:06:28 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011.08.11 13:06:27 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011.08.11 13:06:26 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011.08.11 13:06:13 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011.08.11 13:06:12 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011.08.11 13:06:10 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011.08.11 13:05:55 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011.08.11 13:05:54 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011.08.11 13:05:53 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011.08.11 13:05:53 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011.08.11 13:05:52 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011.08.11 13:05:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011.08.11 13:05:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011.08.11 13:05:49 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011.08.11 13:05:45 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011.08.11 13:05:44 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011.08.11 13:05:37 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011.08.11 13:05:32 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011.08.11 13:05:28 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011.08.11 13:05:28 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011.08.11 13:05:28 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011.08.11 13:05:27 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011.08.11 13:05:26 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011.08.11 13:05:25 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011.08.11 13:05:25 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011.08.11 13:05:24 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011.08.11 13:05:24 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011.08.11 13:05:23 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011.08.11 13:05:22 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011.08.11 13:05:07 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011.08.11 13:05:07 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011.08.11 13:05:06 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011.08.11 13:05:06 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011.08.11 13:05:05 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011.08.11 13:05:05 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011.08.11 13:05:05 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011.08.11 13:05:04 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011.08.11 13:05:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011.08.11 13:05:03 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011.08.11 13:05:03 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011.08.11 13:05:02 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011.08.11 13:05:02 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011.08.11 13:05:01 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011.08.11 13:05:01 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011.08.11 13:05:01 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011.08.11 13:05:00 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011.08.11 13:05:00 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011.08.11 13:04:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011.08.11 13:04:57 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011.08.11 13:04:56 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011.08.11 13:04:56 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011.08.11 13:04:55 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011.08.11 13:04:55 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011.08.11 13:04:55 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011.08.11 13:04:54 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011.08.11 13:04:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011.08.11 13:04:30 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011.08.11 13:04:25 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011.08.11 13:04:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011.08.11 13:04:13 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011.08.11 13:04:12 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011.08.11 13:04:12 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011.08.11 13:04:12 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011.08.11 13:04:12 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011.08.11 13:04:10 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011.08.11 13:04:09 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011.08.11 13:04:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011.08.11 13:04:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011.08.11 13:04:06 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011.08.11 13:04:06 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011.08.11 13:04:06 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011.08.09 20:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\WINDOWS
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011.10.19 22:53:21 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\MBR.dat
[2011.10.19 22:43:36 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.10.19 22:27:08 | 000,049,544 | ---- | M] () -- C:\Documents and Settings\Seso\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011.10.19 22:25:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011.10.19 22:25:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.19 22:25:04 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.19 22:24:27 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Seso\NTUSER.DAT
[2011.10.19 22:24:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Seso\ntuser.ini
[2011.10.19 22:22:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Seso\Desktop\aswMBR.exe
[2011.10.19 21:58:59 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.10.19 21:55:16 | 000,575,528 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011.10.19 21:55:16 | 000,479,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.19 21:55:16 | 000,085,338 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.19 21:24:24 | 000,002,284 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.19 18:14:24 | 000,000,843 | ---- | M] () -- C:\WINDOWS\win.ini
[2011.10.19 18:14:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011.10.19 18:14:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.10.19 15:15:46 | 000,633,987 | ---- | M] () -- C:\Documents and Settings\Seso\Application Data\data.dat
[2011.10.19 14:16:45 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.10.18 16:30:28 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Seso\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.18 02:25:42 | 009,158,385 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\2. Sample-IT-Test-1.pptx
[2011.10.18 02:21:36 | 000,118,234 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\1 (1).jpg
[2011.10.16 17:10:41 | 000,436,503 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\maimunki.jpg
[2011.10.11 20:43:14 | 002,293,760 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest.mdf
[2011.10.11 20:43:14 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest_log.LDF
[2011.10.10 23:28:02 | 000,001,348 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\chillout.pls
[2011.09.27 02:00:12 | 000,188,897 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Snapshot of me 1.png
[2011.09.21 00:41:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.19 11:12:21 | 000,007,900 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.14 14:00:55 | 000,032,933 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\FKSU-k4-p2.pdf
[2011.09.06 21:39:18 | 000,000,065 | ---- | M] () -- C:\WINDOWS\FISHUI.INI
[2011.08.29 02:49:14 | 000,137,310 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Image106.jpg
[2011.08.16 14:53:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.19 22:53:21 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\MBR.dat
[2011.10.18 02:25:38 | 009,158,385 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\2. Sample-IT-Test-1.pptx
[2011.10.18 02:21:36 | 000,118,234 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\1 (1).jpg
[2011.10.16 17:10:41 | 000,436,503 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\maimunki.jpg
[2011.10.11 20:14:19 | 002,293,760 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest.mdf
[2011.10.11 20:14:19 | 000,573,440 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest_log.LDF
[2011.10.10 23:28:02 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\chillout.pls
[2011.09.27 02:00:12 | 000,188,897 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Snapshot of me 1.png
[2011.09.19 11:12:21 | 000,007,900 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.17 02:34:10 | 000,633,987 | ---- | C] () -- C:\Documents and Settings\Seso\Application Data\data.dat
[2011.09.14 14:00:55 | 000,032,933 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\FKSU-k4-p2.pdf
[2011.09.07 18:37:51 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.09.07 18:37:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.08.23 22:32:17 | 004,016,819 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Георги Марков - Д - Задочни репортажи за България.pdf
[2011.08.16 14:53:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.doc
[2011.08.11 13:18:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011.08.11 13:18:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011.08.11 13:15:07 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011.08.11 13:15:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011.08.11 13:12:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011.08.11 13:08:43 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011.08.11 13:08:39 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011.08.11 13:08:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011.08.11 13:08:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011.08.11 13:08:30 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011.08.11 13:06:32 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011.08.11 13:06:31 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011.08.11 13:06:31 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011.08.11 13:04:49 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011.08.11 13:04:49 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011.08.11 13:04:48 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011.08.11 13:04:47 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011.08.11 13:04:46 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011.08.11 13:04:46 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011.08.11 13:04:46 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011.08.11 13:04:46 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011.08.11 13:04:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011.08.11 13:04:38 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011.07.22 12:33:08 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.05.17 18:52:04 | 000,001,441 | ---- | C] () -- C:\WINDOWS\NavZapl.INI
[2011.02.17 04:16:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011.02.15 07:02:13 | 000,000,062 | ---- | C] () -- C:\WINDOWS\hw.ini
[2011.02.03 02:13:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\3gptoavi3.INI
[2011.02.03 01:26:27 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy MOV Converter.INI
[2011.02.03 01:15:52 | 000,000,365 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2011.01.09 18:47:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.11.09 22:43:52 | 000,004,100 | ---- | C] () -- C:\WINDOWS\System32\hdvirffo.dll
[2010.10.27 02:05:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010.09.15 13:27:10 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2010.04.19 02:27:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010.04.19 02:27:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009.12.22 15:35:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009.12.22 15:06:39 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.12.22 15:06:39 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.12.22 15:06:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.12.22 15:06:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009.12.15 21:13:21 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.13 19:35:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.11.26 23:57:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.25 02:33:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.25 02:33:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2009.11.25 02:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.08.06 15:12:46 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2007.10.19 21:55:28 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007.10.09 12:39:40 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007.10.08 10:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2007.09.20 18:03:46 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2007.09.19 21:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007.08.29 15:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll

========== LOP Check ==========

[2009.11.25 02:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.12.15 22:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2011.10.19 14:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.10.14 23:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011.03.15 00:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010.09.24 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.11.25 02:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ACD Systems
[2010.09.10 16:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Awem
[2011.10.11 20:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\BETONINTELECT
[2011.02.17 04:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\BITS
[2010.09.15 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Carambis
[2011.03.14 02:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools
[2011.03.14 02:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools Lite
[2011.03.14 02:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools Pro
[2009.12.22 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DataCast
[2010.05.25 01:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DC++
[2010.11.17 15:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Dev-Cpp
[2011.02.17 04:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\FlashGet
[2011.02.17 04:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\FlashGetBHO
[2011.01.21 22:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\gepixApp
[2011.02.17 04:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GrabPro
[2010.06.01 19:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GSplit
[2010.10.20 15:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ICQ
[2010.04.21 00:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\microOLAP
[2010.10.06 20:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mp3tag
[2009.12.04 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Notepad++
[2011.10.19 22:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Opera
[2011.02.17 04:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Orbit
[2010.10.14 23:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ParetoLogic
[2011.02.17 04:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ProgSense
[2010.02.08 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Publish Providers
[2010.02.08 16:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Sony
[2011.10.16 14:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\TeamViewer
[2011.10.19 21:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\WINDOWS:
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7AC1352
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
< End of report >


============================================================================




aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-19 22:27:55
-----------------------------
22:27:55.218 OS Version: Windows 5.1.2600 Service Pack 2
22:27:55.218 Number of processors: 2 586 0x1706
22:27:55.218 ComputerName: 01-PC UserName: Seso
22:27:57.453 Initialize success
22:30:48.234 AVAST engine defs: 11101901
22:34:23.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:34:23.812 Disk 0 Vendor: Maxtor_6B200P0 BAH41E00 Size: 194479MB BusType: 3
22:34:23.812 Device \Driver\atapi -> MajorFunction 8a5e41f8
22:34:25.828 Disk 0 MBR read successfully
22:34:25.828 Disk 0 MBR scan
22:34:25.875 Disk 0 Windows XP default MBR code
22:34:25.875 Disk 0 scanning sectors +398283480
22:34:25.953 Disk 0 scanning C:\WINDOWS\system32\drivers
22:34:36.640 Service scanning
22:34:37.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:34:37.671 Modules scanning
22:34:41.125 Disk 0 trace - called modules:
22:34:41.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a5e41f8]<<
22:34:41.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4f6ab8]
22:34:41.140 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000006d[0x8a5a5da0]
22:34:41.156 5 ACPI.sys[b9e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a580d98]
22:34:41.156 \Driver\atapi[0x8a5c3030] -> IRP_MJ_CREATE -> 0x8a5e41f8
22:34:41.625 AVAST engine scan C:\WINDOWS
22:34:46.875 AVAST engine scan C:\WINDOWS\system32
22:36:18.078 AVAST engine scan C:\WINDOWS\system32\drivers
22:36:28.625 AVAST engine scan C:\Documents and Settings\Seso
22:51:30.812 AVAST engine scan C:\Documents and Settings\All Users
22:52:19.218 Scan finished successfully
22:53:21.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Seso\Desktop\MBR.dat"
22:53:21.656 The log file has been saved successfully to "C:\Documents and Settings\Seso\Desktop\aswMBR.txt"
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm one does not want to go - on completion of this can you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\seso\application data\uapss.exe) - c:\documents and settings\seso\application data\uapss.exe File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
belchev

belchev

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Think i am clear now :) Thank you man! Btw, how do you consider that exactly those files are infected? Is it experience or you search them somewhere? Thanks again.

OTL logfile created on: 20.10.2011 11:47:00 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = D:\install\Malware
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.52 Gb Total Space | 5.12 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
Drive D: | 9.76 Gb Total Space | 0.74 Gb Free Space | 7.63% Space Free | Partition Type: NTFS
Drive E: | 14.66 Gb Total Space | 2.94 Gb Free Space | 20.08% Space Free | Partition Type: NTFS
Drive F: | 145.98 Gb Total Space | 13.00 Gb Free Space | 8.90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 01-PC
Current User Name: Seso
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2011.06.29 06:06:36 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.07.03 03:17:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\install\Malware\OTL.exe
PRC - [2010.01.06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\fsproflt.exe
PRC - [2009.02.18 20:27:04 | 001,072,288 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009.02.06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.06.18 13:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008.02.20 05:46:06 | 001,119,624 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAB8SWK.EXE
PRC - [2008.02.20 05:44:24 | 000,181,624 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2007.12.09 05:46:44 | 000,299,008 | ---- | M] () -- C:\Program Files\PaqTool\amac\amac.exe
PRC - [2007.09.06 02:48:00 | 000,406,944 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2007.06.13 13:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.10 16:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2004.09.16 19:39:38 | 009,744,384 | ---- | M] (ACD Systems Ltd.) -- C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe
PRC - [2004.08.04 15:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2004.08.04 15:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2000.12.30 13:39:58 | 000,151,552 | ---- | M] () -- C:\WINDOWS\Datecs\Flex2K.exe


========== Modules (SafeList) ==========

MOD - [2010.07.03 03:17:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\install\Malware\OTL.exe
MOD - [2006.08.25 18:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.04 15:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2000.12.13 01:55:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\newdll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.01.06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\WINDOWS\system32\fsproflt.exe -- (fsproflt)
SRV - [2009.02.06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008.07.11 20:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007.11.07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007.02.10 16:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007.02.10 16:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.14 13:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - [2011.10.20 11:47:06 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.10.20 11:01:57 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010.03.11 12:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.12.22 20:28:55 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.12.15 22:04:14 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.02.06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.01 09:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.06.27 06:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.06.16 10:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.05 19:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2007.09.20 18:03:46 | 000,177,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam1690.sys -- (CAM1690)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.17 04:16:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.13 18:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.10.19 14:21:46 | 000,000,000 | ---D | M]

[2009.11.25 03:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Extensions
[2011.05.18 13:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions
[2011.02.17 20:16:45 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.03.13 01:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\[email protected]
[2009.12.09 22:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mozilla\Firefox\Profiles\i8d00m0p.default\extensions\[email protected]
[2011.05.04 00:18:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010.04.08 13:18:43 | 004,827,222 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Seso\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Seso\Application Data\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.25 01:27:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ce1d4f67-e8fb-11de-b881-001fd0930e1f}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4bf0662-e9ac-11de-b884-001fd0930e1f}\Shell\AutoRun\command - "" = J:\StartCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011.10.20 11:47:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.10.20 11:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.10.20 01:29:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Seso\Recent
[2011.10.20 01:21:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Seso\PrivacIE
[2011.10.20 01:19:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Seso\IETldCache
[2011.10.20 00:59:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011.10.20 00:56:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.10.19 23:27:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.10.19 23:26:59 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Seso\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.19 22:22:11 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Seso\Desktop\aswMBR.exe
[2011.10.19 21:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Local Settings\Application Data\PCHealth
[2011.10.19 20:10:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.10.19 20:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011.10.19 20:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.10.19 19:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011.10.19 18:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Install
[2011.10.19 18:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.10.19 15:21:42 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Seso\Desktop\processexplorer.exe
[2011.10.19 15:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011.10.19 14:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Local Settings\Application Data\ESET
[2011.10.19 14:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.09.30 14:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\ADLSoft UnCompressor
[2011.09.17 22:24:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Run
[2011.09.14 13:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Seso\Desktop\SalarySystem
[2011.09.07 18:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011.08.17 22:04:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Seso\My Documents\My Videos
[2011.08.11 13:18:18 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011.08.11 13:18:15 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011.08.11 13:17:56 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011.08.11 13:17:53 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011.08.11 13:17:38 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011.08.11 13:17:29 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011.08.11 13:17:21 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011.08.11 13:17:18 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011.08.11 13:17:18 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011.08.11 13:17:14 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011.08.11 13:17:12 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011.08.11 13:17:06 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011.08.11 13:17:02 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011.08.11 13:16:47 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011.08.11 13:16:45 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011.08.11 13:16:34 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011.08.11 13:16:32 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011.08.11 13:16:30 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011.08.11 13:16:28 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011.08.11 13:16:25 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011.08.11 13:16:23 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011.08.11 13:16:21 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011.08.11 13:16:19 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011.08.11 13:16:16 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011.08.11 13:16:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011.08.11 13:16:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011.08.11 13:16:06 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011.08.11 13:16:04 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011.08.11 13:16:03 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011.08.11 13:16:01 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011.08.11 13:15:55 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011.08.11 13:15:52 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011.08.11 13:15:49 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011.08.11 13:15:46 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011.08.11 13:15:38 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011.08.11 13:15:36 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011.08.11 13:15:15 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011.08.11 13:15:13 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011.08.11 13:15:10 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011.08.11 13:15:02 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011.08.11 13:14:31 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011.08.11 13:14:29 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011.08.11 13:14:20 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011.08.11 13:14:19 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011.08.11 13:14:17 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011.08.11 13:13:49 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011.08.11 13:13:47 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011.08.11 13:13:44 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011.08.11 13:13:42 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011.08.11 13:13:30 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011.08.11 13:13:20 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011.08.11 13:13:18 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011.08.11 13:13:15 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011.08.11 13:13:13 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011.08.11 13:13:07 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011.08.11 13:13:05 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011.08.11 13:13:00 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011.08.11 13:12:58 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011.08.11 13:12:56 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011.08.11 13:12:54 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011.08.11 13:12:52 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011.08.11 13:12:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011.08.11 13:12:44 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011.08.11 13:12:42 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011.08.11 13:12:40 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011.08.11 13:12:38 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011.08.11 13:12:36 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011.08.11 13:12:33 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011.08.11 13:12:04 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011.08.11 13:11:43 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011.08.11 13:11:28 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011.08.11 13:11:27 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011.08.11 13:11:26 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011.08.11 13:11:24 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011.08.11 13:11:24 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011.08.11 13:11:22 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011.08.11 13:11:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011.08.11 13:11:15 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011.08.11 13:11:13 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011.08.11 13:11:11 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011.08.11 13:11:08 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011.08.11 13:11:06 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011.08.11 13:10:48 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011.08.11 13:10:44 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2011.08.11 13:10:26 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011.08.11 13:08:44 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011.08.11 13:08:38 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011.08.11 13:08:19 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011.08.11 13:08:17 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011.08.11 13:08:16 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011.08.11 13:08:06 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011.08.11 13:08:00 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011.08.11 13:07:58 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011.08.11 13:07:56 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011.08.11 13:07:54 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011.08.11 13:07:53 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011.08.11 13:07:52 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011.08.11 13:07:43 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011.08.11 13:07:40 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011.08.11 13:07:39 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011.08.11 13:07:20 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011.08.11 13:06:42 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011.08.11 13:06:40 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011.08.11 13:06:35 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011.08.11 13:06:34 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011.08.11 13:06:33 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011.08.11 13:06:30 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011.08.11 13:06:29 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011.08.11 13:06:28 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011.08.11 13:06:27 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011.08.11 13:06:26 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011.08.11 13:06:13 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011.08.11 13:06:12 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011.08.11 13:06:10 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011.08.11 13:05:55 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011.08.11 13:05:54 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011.08.11 13:05:53 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011.08.11 13:05:53 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011.08.11 13:05:52 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011.08.11 13:05:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011.08.11 13:05:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011.08.11 13:05:49 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011.08.11 13:05:45 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011.08.11 13:05:44 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011.08.11 13:05:37 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011.08.11 13:05:32 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011.08.11 13:05:28 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011.08.11 13:05:28 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011.08.11 13:05:28 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011.08.11 13:05:27 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011.08.11 13:05:26 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011.08.11 13:05:25 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011.08.11 13:05:25 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011.08.11 13:05:24 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011.08.11 13:05:24 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011.08.11 13:05:23 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011.08.11 13:05:22 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011.08.11 13:05:07 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011.08.11 13:05:07 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011.08.11 13:05:06 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011.08.11 13:05:06 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011.08.11 13:05:05 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011.08.11 13:05:05 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011.08.11 13:05:05 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011.08.11 13:05:04 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011.08.11 13:05:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011.08.11 13:05:03 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011.08.11 13:05:03 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011.08.11 13:05:02 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011.08.11 13:05:02 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011.08.11 13:05:01 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011.08.11 13:05:01 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011.08.11 13:05:01 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011.08.11 13:05:00 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011.08.11 13:05:00 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011.08.11 13:04:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011.08.11 13:04:57 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011.08.11 13:04:56 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011.08.11 13:04:56 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011.08.11 13:04:55 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011.08.11 13:04:55 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011.08.11 13:04:55 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011.08.11 13:04:54 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011.08.11 13:04:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011.08.11 13:04:30 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011.08.11 13:04:25 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011.08.11 13:04:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011.08.11 13:04:13 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011.08.11 13:04:12 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011.08.11 13:04:12 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011.08.11 13:04:12 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011.08.11 13:04:12 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011.08.11 13:04:10 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011.08.11 13:04:09 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011.08.11 13:04:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011.08.11 13:04:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011.08.11 13:04:06 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011.08.11 13:04:06 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011.08.11 13:04:06 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011.08.09 20:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\WINDOWS
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011.10.20 11:47:06 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.10.20 11:13:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.10.20 11:12:05 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.10.20 11:10:48 | 000,002,306 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.20 11:01:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011.10.20 11:01:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.20 11:00:31 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Seso\NTUSER.DAT
[2011.10.20 11:00:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Seso\ntuser.ini
[2011.10.20 01:21:06 | 000,479,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.20 01:21:06 | 000,085,090 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.20 01:21:05 | 000,574,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011.10.20 01:19:30 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Seso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.10.20 01:18:53 | 000,223,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.19 23:27:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.19 23:27:05 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Seso\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.19 22:27:08 | 000,049,544 | ---- | M] () -- C:\Documents and Settings\Seso\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2011.10.19 22:22:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Seso\Desktop\aswMBR.exe
[2011.10.19 21:58:59 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.10.19 18:14:24 | 000,000,843 | ---- | M] () -- C:\WINDOWS\win.ini
[2011.10.19 18:14:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2011.10.19 18:14:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.10.19 14:16:45 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.10.18 16:30:28 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\Seso\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.18 02:25:42 | 009,158,385 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\2. Sample-IT-Test-1.pptx
[2011.10.18 02:21:36 | 000,118,234 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\1 (1).jpg
[2011.10.16 17:10:41 | 000,436,503 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\maimunki.jpg
[2011.10.11 20:43:14 | 002,293,760 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest.mdf
[2011.10.11 20:43:14 | 000,573,440 | ---- | M] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest_log.LDF
[2011.10.10 23:28:02 | 000,001,348 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\chillout.pls
[2011.09.27 02:00:12 | 000,188,897 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Snapshot of me 1.png
[2011.09.21 00:41:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.19 11:12:21 | 000,007,900 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.14 14:00:55 | 000,032,933 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\FKSU-k4-p2.pdf
[2011.09.06 21:39:18 | 000,000,065 | ---- | M] () -- C:\WINDOWS\FISHUI.INI
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.29 02:49:14 | 000,137,310 | ---- | M] () -- C:\Documents and Settings\Seso\Desktop\Image106.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.20 11:13:20 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.10.19 23:27:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.18 02:25:38 | 009,158,385 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\2. Sample-IT-Test-1.pptx
[2011.10.18 02:21:36 | 000,118,234 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\1 (1).jpg
[2011.10.16 17:10:41 | 000,436,503 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\maimunki.jpg
[2011.10.11 20:14:19 | 002,293,760 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest.mdf
[2011.10.11 20:14:19 | 000,573,440 | ---- | C] () -- C:\Documents and Settings\Seso\My Documents\DatabaseTest_log.LDF
[2011.10.10 23:28:02 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\chillout.pls
[2011.09.27 02:00:12 | 000,188,897 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Snapshot of me 1.png
[2011.09.19 11:12:21 | 000,007,900 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.14 14:00:55 | 000,032,933 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\FKSU-k4-p2.pdf
[2011.09.07 18:37:51 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.09.07 18:37:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.08.23 22:32:17 | 004,016,819 | ---- | C] () -- C:\Documents and Settings\Seso\Desktop\Георги Марков - Д - Задочни репортажи за България.pdf
[2011.08.11 13:18:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011.08.11 13:18:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011.08.11 13:15:07 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011.08.11 13:15:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011.08.11 13:12:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011.08.11 13:08:43 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011.08.11 13:08:39 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011.08.11 13:08:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011.08.11 13:08:33 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011.08.11 13:08:30 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011.08.11 13:06:32 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011.08.11 13:06:31 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011.08.11 13:06:31 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011.08.11 13:04:49 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011.08.11 13:04:49 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011.08.11 13:04:48 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011.08.11 13:04:47 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011.08.11 13:04:46 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011.08.11 13:04:46 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011.08.11 13:04:46 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011.08.11 13:04:46 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011.08.11 13:04:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011.08.11 13:04:38 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011.07.22 12:33:08 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.05.17 18:52:04 | 000,001,441 | ---- | C] () -- C:\WINDOWS\NavZapl.INI
[2011.02.17 04:16:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011.02.15 07:02:13 | 000,000,062 | ---- | C] () -- C:\WINDOWS\hw.ini
[2011.02.03 02:13:31 | 000,000,412 | ---- | C] () -- C:\WINDOWS\3gptoavi3.INI
[2011.02.03 01:26:27 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy MOV Converter.INI
[2011.02.03 01:15:52 | 000,000,365 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2011.01.09 18:47:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.11.09 22:43:52 | 000,004,100 | ---- | C] () -- C:\WINDOWS\System32\hdvirffo.dll
[2010.10.27 02:05:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010.09.15 13:27:10 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2010.04.19 02:27:40 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010.04.19 02:27:40 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009.12.22 15:35:15 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009.12.22 15:06:39 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.12.22 15:06:39 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.12.22 15:06:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.12.22 15:06:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009.12.15 21:13:21 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.12.13 19:35:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.11.26 23:57:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.25 02:33:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.25 02:33:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\newdll.dll
[2009.11.25 02:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008.08.06 15:12:46 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\neoqaz2.dll
[2007.10.19 21:55:28 | 000,065,217 | ---- | C] () -- C:\WINDOWS\cam1690a.ini
[2007.10.09 12:39:40 | 000,065,527 | ---- | C] () -- C:\WINDOWS\cam1690b.ini
[2007.10.08 10:12:14 | 000,130,965 | ---- | C] () -- C:\WINDOWS\cam1690.ini
[2007.09.20 18:03:46 | 000,177,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\cam1690.sys
[2007.09.19 21:11:52 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\cam1690.dll
[2007.08.29 15:40:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\cam1690m.dll

========== LOP Check ==========

[2009.11.25 02:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.12.15 22:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.04.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2011.10.19 14:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.10.14 23:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011.03.15 00:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010.09.24 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.11.25 02:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ACD Systems
[2010.09.10 16:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Awem
[2011.10.11 20:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\BETONINTELECT
[2011.02.17 04:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\BITS
[2010.09.15 13:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Carambis
[2011.03.14 02:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools
[2011.03.14 02:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools Lite
[2011.03.14 02:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DAEMON Tools Pro
[2009.12.22 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DataCast
[2010.05.25 01:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\DC++
[2010.11.17 15:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Dev-Cpp
[2011.02.17 04:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\FlashGet
[2011.02.17 04:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\FlashGetBHO
[2011.01.21 22:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\gepixApp
[2011.02.17 04:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GrabPro
[2010.06.01 19:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\GSplit
[2010.10.20 15:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ICQ
[2010.04.21 00:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\microOLAP
[2010.10.06 20:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Mp3tag
[2009.12.04 18:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Notepad++
[2011.10.19 22:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Opera
[2011.02.17 04:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Orbit
[2010.10.14 23:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ParetoLogic
[2011.02.17 04:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\ProgSense
[2010.02.08 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Publish Providers
[2010.02.08 16:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\Sony
[2011.10.16 14:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\TeamViewer
[2011.10.20 01:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seso\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 8 bytes -> C:\WINDOWS:
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7AC1352
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
< End of report >


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7984

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

20.10.2011 17:28:06
mbam-log-2011-10-20 (17-28-06).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 363723
Time elapsed: 2 hour(s), 13 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by belchev, 20 October 2011 - 10:36 AM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

how do you consider that exactly those files are infected? Is it experience or you search them somewhere?

A bit of both really :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems. I would also recommend that you upgrade to SP3

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :yes:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP