Problem with windows services and programs



#1
rastikxp

I have a problem using some programs. Windows Media Player does not run, Windows Firewall cannot start (when I do not have Kaspersky installed), and the Windows Firewall service is missing. On a Microsoft forum I found sfc /scannow to run from the command line. It repaired something, but not all (it cannot repair everything).
I used Kaspersky, Malwarebytes, and SUPERAntiSpyware Portable, but nothing was found. Thanks for the help.

OTL logfile created on: 19. 1. 2012 16:11:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rastik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,94 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 64,31% Memory free
7,87 Gb Paging File | 6,36 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 899,88 Gb Free Space | 96,61% Space Free | Partition Type: NTFS

Computer Name: RASTIK-PC | User Name: Rastik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 16:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rastik\Desktop\OTL.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/05 07:38:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/02/05 07:38:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/21 11:18:12 | 000,091,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV:64bit: - [2010/11/24 13:39:24 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/22 00:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2010/03/03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 07:38:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/02/05 07:38:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/17 13:20:38 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/09/02 04:01:56 | 000,251,648 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmc412.sys -- (VMC412)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/21 04:24:52 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/09 13:56:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/29 12:02:30 | 000,314,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/03/17 05:01:58 | 000,075,776 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viacr64.sys -- (VIACRX64)
DRV:64bit: - [2010/03/03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/09 02:14:02 | 000,056,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EloMTUsb.sys -- (EloMTUsb)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/30 08:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/05 19:21:56 | 002,838,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2000/01/01 01:00:00 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2000/01/01 01:00:00 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2000/01/01 01:00:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2000/01/01 01:00:00 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2000/01/01 01:00:00 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2000/01/01 01:00:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2000/01/01 01:00:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV - [2010/11/21 04:25:10 | 000,743,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\blackbox.dll -- (BlackBox)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 68 49 CD 3D 69 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/01/17 13:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/01/17 13:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/01/17 13:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 10:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 10:23:16 | 000,000,000 | ---D | M]

[2011/12/03 20:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Extensions
[2011/12/03 20:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/17 08:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Firefox\Profiles\35jlybnw.profil\extensions
[2011/11/09 12:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/03 20:22:18 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2011/12/22 15:47:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/09 07:49:55 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\atlas-sk.xml
[2011/09/09 07:49:55 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\azet-sk.xml
[2011/09/09 07:49:55 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\dunaj-sk.xml
[2011/09/09 07:49:55 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slovnik-sk.xml
[2011/09/09 07:49:55 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011/09/09 07:49:55 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2012/01/19 09:46:20 | 000,000,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44EFF854-9584-4C6B-90D1-A6FE8892C211}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/10 11:00:10 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 16:05:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rastik\Desktop\OTL.exe
[2012/01/19 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\Rastik\Desktop\prípad. štúdie marketing
[2012/01/19 12:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/19 10:25:15 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\VS Revo Group
[2012/01/18 19:08:30 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/18 19:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/17 13:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/01/17 13:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/17 13:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/01/17 13:20:38 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/01/17 11:40:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/17 11:38:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/17 09:39:02 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\FixIt
[2012/01/16 18:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/01/16 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\Canneverbe Limited
[2012/01/16 18:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/01/16 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Rastik\VirtualBox VMs
[2012/01/15 11:25:38 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\Apple Computer
[2012/01/10 11:00:10 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2012/01/07 17:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012/01/07 17:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/01/06 10:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/04 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rastik\Documents\iMacros
[2012/01/02 12:32:53 | 000,000,000 | R--D | C] -- C:\Users\Rastik\Virtual Machines
[2012/01/02 11:20:27 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\Google
[2011/12/31 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Rastik\Documents\ForceField Shared Files
[2011/12/25 09:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/25 09:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/12/24 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\Malwarebytes
[2011/12/24 10:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/24 10:25:01 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/24 10:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/24 10:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/24 08:55:21 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\Tific
[2011/12/22 23:12:17 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2011/12/22 23:11:42 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
[2011/12/22 22:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2011/12/22 11:51:30 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\CrashDumps

========== Files - Modified Within 30 Days ==========

[2012/01/19 16:05:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rastik\Desktop\OTL.exe
[2012/01/19 15:57:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 11:56:03 | 000,007,605 | ---- | M] () -- C:\Users\Rastik\AppData\Local\resmon.resmoncfg
[2012/01/19 09:57:22 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 09:57:22 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 09:50:06 | 3169,701,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 09:46:20 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/18 12:56:10 | 001,500,213 | ---- | M] () -- C:\Users\Rastik\Documents\IMG.jpg
[2012/01/18 10:40:03 | 001,408,332 | ---- | M] () -- C:\Users\Rastik\Documents\úrad práce potvrdenie.jpg
[2012/01/17 13:36:48 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/01/17 13:36:48 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/01/17 13:20:38 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/01/17 13:08:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/17 11:55:18 | 000,000,000 | ---- | M] () -- C:\Windows\wcx_ftp.ini
[2012/01/17 11:42:21 | 000,707,653 | ---- | M] () -- C:\Users\Rastik\Desktop\Desktop.rar
[2012/01/17 09:29:56 | 002,079,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/17 09:29:56 | 001,503,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/17 09:29:56 | 000,005,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 19:02:11 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/16 19:02:11 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/10 11:00:47 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 11:14:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/28 16:28:32 | 002,097,152 | ---- | M] () -- C:\Users\Rastik\ntuser.bak

========== Files Created - No Company Name ==========

[2012/01/18 12:53:47 | 001,500,213 | ---- | C] () -- C:\Users\Rastik\Documents\IMG.jpg
[2012/01/18 10:40:02 | 001,408,332 | ---- | C] () -- C:\Users\Rastik\Documents\úrad práce potvrdenie.jpg
[2012/01/17 13:21:32 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/01/17 13:21:32 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/01/17 11:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2012/01/17 11:15:00 | 000,707,653 | ---- | C] () -- C:\Users\Rastik\Desktop\Desktop.rar
[2012/01/16 19:02:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/16 19:02:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/16 18:46:28 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/01/14 20:25:57 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/01/14 20:25:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/01/14 20:25:57 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/01/14 20:25:57 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/01/11 17:05:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/04 11:15:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2011/11/06 14:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\setup_xp.ini
[2011/10/30 09:18:34 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/09/27 09:57:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/23 11:55:25 | 000,007,605 | ---- | C] () -- C:\Users\Rastik\AppData\Local\resmon.resmoncfg
[2011/09/23 09:11:59 | 000,017,408 | ---- | C] () -- C:\Users\Rastik\AppData\Local\WebpageIcons.db
[2011/09/15 14:15:31 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/09/09 08:03:03 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/02 09:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/02 07:55:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/12 17:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2010/03/29 11:44:14 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012/01/16 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Canneverbe Limited
[2011/09/15 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Canon
[2012/01/17 09:39:02 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\FixIt
[2011/12/03 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Foxit Software
[2012/01/02 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\GHISLER
[2011/09/27 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\InstallPad
[2011/09/23 10:02:50 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\TeamViewer
[2011/12/24 08:55:21 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Tific
[2011/12/03 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\TomTom
[2012/01/17 09:25:01 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 19. 1. 2012 16:11:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rastik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,94 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 64,31% Memory free
7,87 Gb Paging File | 6,36 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 899,88 Gb Free Space | 96,61% Space Free | Partition Type: NTFS

Computer Name: RASTIK-PC | User Name: Rastik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1DFE39AA-330A-306E-3F61-4E898B1BDECD}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zariadení Windows Mobile
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{AB1CF8F1-C0B8-4EDD-B5B1-E6B19B6CBCA4}" = PretonSaver Home Edition
"{C8F18691-56DB-DD1F-03D7-DFFFF2F261F7}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Elo TouchSystems" = Elo TouchSystems
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 15.7.176.0
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011F4E64-FB6C-5D62-BEF9-7A32AB682190}" = CCC Help Italian
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08C04F27-8554-3AAE-3A74-20C6387A57FF}" = CCC Help Russian
"{1C647A5A-976E-EEBE-4B3E-1F401A2CD368}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{35CD7559-DFD6-E87D-AEA3-706D68E08C31}" = Catalyst Control Center Core Implementation
"{3937896F-C68B-AB77-24B9-E0CB0620BECA}" = CCC Help Spanish
"{39975670-3873-0F21-D39D-492389BCBA53}" = CCC Help Chinese Standard
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55260F40-A919-DF2C-95E5-D169EFF0B81F}" = CCC Help French
"{560994F5-4FED-FE19-9E0F-B388B8477CF0}" = CCC Help Norwegian
"{5DF5854F-7C44-F124-A4C3-839B4A059B97}" = Catalyst Control Center Graphics Previews Vista
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{68AEA6F8-7A64-E950-61E8-926585C0E518}" = CCC Help Hungarian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{715B50D6-8C41-B982-976E-10DA52EB9D77}" = CCC Help Swedish
"{71B7840D-BB4D-409C-87A2-9EFD10BC0C3D}" = VC90_CRT_x64
"{71E6F798-2D30-7ACF-34C7-F39C5B8FB721}" = Catalyst Control Center Graphics Previews Common
"{740C9243-9B70-2979-525C-FF6D48B64716}" = Catalyst Control Center Graphics Full Existing
"{771B4E56-7D1D-52D7-1992-E9FB6B4BCB9E}" = Catalyst Control Center Graphics Light
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F534800-2742-3298-30B4-A383B986A676}" = Catalyst Control Center Localization All
"{88E0C630-BF23-3471-9B00-41E1E9165F4A}" = ccc-core-static
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_HOMESTUDENTR_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041B-1000-0000000FF1CE}_HOMESTUDENTR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_HOMESTUDENTR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90663E4A-78CF-6F7C-81ED-86D330166A31}" = CCC Help German
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{991D2134-E7E3-B574-5F67-7150C35625F1}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D906786-2581-96EB-0547-390CD1DD3265}" = CCC Help Finnish
"{A8A6871F-AF05-ED75-894F-D74848808D39}" = CCC Help Polish
"{AC795EF5-DB2C-457E-B6A8-92C061ACB2A5}" = Catalyst Control Center - Branding
"{B272BF76-FBD0-6FF7-50C6-431CF3F7F499}" = CCC Help Danish
"{BB792D10-9D6E-38F0-43F0-29CC7A57B7AA}" = CCC Help Japanese
"{C00A4D42-499C-2C99-F43E-027DCF47E70B}" = CCC Help Dutch
"{C4561DD3-80D8-17FF-A530-351A8A8A6EFA}" = CCC Help Portuguese
"{C4FD9875-A432-C9C5-6719-ECA327E98FD4}" = CCC Help Czech
"{C547AAE7-D006-A843-0A78-E4CAB53B32D0}" = Catalyst Control Center Graphics Full New
"{C5DE68EC-594E-2D78-7819-35287852E337}" = CCC Help Greek
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4EAF396-080F-666E-1B95-37CA3EB52244}" = CCC Help Chinese Traditional
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{E0AFCF6D-9FE3-3168-A228-04B7B551A976}" = CCC Help Thai
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18AA46C-FFDD-8E2D-5859-5C0D26C5DBC7}" = CCC Help English
"7-Zip" = 7-Zip 9.21beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader 5.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 sk)" = Mozilla Firefox 9.0.1 (x86 sk)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NTREGOPT_is1" = NTREGOPT 1.1j
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19. 1. 2012 5:32:13 | Computer Name = Rastik-PC | Source = MsiInstaller | ID = 11721
Description =

Error - 19. 1. 2012 5:48:33 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: avp.exe, verzia: 12.0.0.374, časová značka:
0x4db46f59 Názov chybového modulu: ntdll.dll, verzia: 6.1.7601.17725, časová značka:
0x4ec49b90 Kód výnimky: 0xc0000005 Odstup chyby: 0x0002e3be Identifikácia chybného
procesu: 0xd74 Čas spustenia chybnej aplikácie: 0x01ccd68b51e24680 Cesta chybnej
aplikácie: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
Cesta
chybného modulu: C:\Windows\SysWOW64\ntdll.dll Identifikácia hlásenia: bfc20fbf-4282-11e1-a10c-00262d4e6f9d

Error - 19. 1. 2012 6:40:57 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: fsbl.exe, verzia: 2.2.1092.0, časová značka:
0x48a543e2 Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód
výnimky: 0xc0000096 Odstup chyby: 0x000d0000 Identifikácia chybného procesu: 0x428
Čas
spustenia chybnej aplikácie: 0x01ccd696cc2a2275 Cesta chybnej aplikácie: C:\Users\Rastik\Desktop\fsbl.exe
Cesta
chybného modulu: unknown Identifikácia hlásenia: 11873f58-428a-11e1-a10c-00262d4e6f9d

Error - 19. 1. 2012 6:40:57 | Computer Name = Rastik-PC | Source = Application Error | ID = 1005
Description = Systém Windows nemôže získať prístup k súboru kvôli jednej z nasledujúcich
príčin: existuje problém so sieťovým pripojením, diskom, na ktorom je súbor uložený,
alebo ovládačmi pamäťových zariadení inštalovanými v tomto počítači; alebo chýba
disk. Systém Windows kvôli tejto chybe zavrel program F-Secure BlackLight. Program:
F-Secure BlackLight Súbor: Hodnota chyby sa uvádza v sekcii Ďalšie údaje. Akcia používateľa
1.
Otvorte znova súbor. Táto situácia môže byť dočasným problémom, ktorý sa vyrieši
sám pri ďalšom spustení programu. 2. Ak sa k súboru naďalej nedá získať prístup a
-
je v sieti, váš správca siete by mal overiť, či sa nevyskytol problém so sieťou
a či sa server dá kontaktovať. - je na vymeniteľnom disku, napríklad na diskete alebo
disku CD-ROM, overte či je disk úplne vložený v počítači. 3. Skontrolujte a opravte
systém súborov spustením programu CHKDSK. Ak chcete spustiť program CHKDSK, kliknite
na tlačidlo Štart, kliknite na položku Spustiť, zadajte CMD a potom kliknite na
tlačidlo OK. V príkazovom riadku zadajte príkaz CHKDSK /F a potom stlačte kláves
ENTER. 4. Ak problém pretrváva, obnovte súbor zo záložnej kópie. 5. Zistite, či sa
dajú otvoriť iné súbory na tom istom disku. Ak nie, disk môže byť poškodený. Ak
ide o pevný disk, požiadajte o pomoc svojho správcu systému alebo dodávateľa počítačového
hardvéru. Ďalšie údaje Chybová hodnota: 00000000 Typ disku: 0

Error - 19. 1. 2012 6:41:15 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: fsbl.exe, verzia: 2.2.1092.0, časová značka:
0x48a543e2 Názov chybového modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód
výnimky: 0xc0000096 Odstup chyby: 0x000d0000 Identifikácia chybného procesu: 0x132c
Čas
spustenia chybnej aplikácie: 0x01ccd696da158e6f Cesta chybnej aplikácie: C:\Users\Rastik\Desktop\fsbl.exe
Cesta
chybného modulu: unknown Identifikácia hlásenia: 1c3189b2-428a-11e1-a10c-00262d4e6f9d

Error - 19. 1. 2012 6:41:15 | Computer Name = Rastik-PC | Source = Application Error | ID = 1005
Description = Systém Windows nemôže získať prístup k súboru kvôli jednej z nasledujúcich
príčin: existuje problém so sieťovým pripojením, diskom, na ktorom je súbor uložený,
alebo ovládačmi pamäťových zariadení inštalovanými v tomto počítači; alebo chýba
disk. Systém Windows kvôli tejto chybe zavrel program F-Secure BlackLight. Program:
F-Secure BlackLight Súbor: Hodnota chyby sa uvádza v sekcii Ďalšie údaje. Akcia používateľa
1.
Otvorte znova súbor. Táto situácia môže byť dočasným problémom, ktorý sa vyrieši
sám pri ďalšom spustení programu. 2. Ak sa k súboru naďalej nedá získať prístup a
-
je v sieti, váš správca siete by mal overiť, či sa nevyskytol problém so sieťou
a či sa server dá kontaktovať. - je na vymeniteľnom disku, napríklad na diskete alebo
disku CD-ROM, overte či je disk úplne vložený v počítači. 3. Skontrolujte a opravte
systém súborov spustením programu CHKDSK. Ak chcete spustiť program CHKDSK, kliknite
na tlačidlo Štart, kliknite na položku Spustiť, zadajte CMD a potom kliknite na
tlačidlo OK. V príkazovom riadku zadajte príkaz CHKDSK /F a potom stlačte kláves
ENTER. 4. Ak problém pretrváva, obnovte súbor zo záložnej kópie. 5. Zistite, či sa
dajú otvoriť iné súbory na tom istom disku. Ak nie, disk môže byť poškodený. Ak
ide o pevný disk, požiadajte o pomoc svojho správcu systému alebo dodávateľa počítačového
hardvéru. Ďalšie údaje Chybová hodnota: 00000000 Typ disku: 0

Error - 19. 1. 2012 7:24:39 | Computer Name = Rastik-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity()
v objekte System Writer. Details: TraverseDir : Unable to FindFirstFile. System Error:
Prístup
je odmietnutý. .

Error - 19. 1. 2012 7:24:40 | Computer Name = Rastik-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity()
v objekte System Writer. Details: TraverseDir : Unable to FindFirstFile. System Error:
Prístup
je odmietnutý. .

Error - 19. 1. 2012 7:24:57 | Computer Name = Rastik-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity()
v objekte System Writer. Details: TraverseDir : Unable to FindFirstFile. System Error:
Prístup
je odmietnutý. .

Error - 19. 1. 2012 7:24:57 | Computer Name = Rastik-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity()
v objekte System Writer. Details: TraverseDir : Unable to FindFirstFile. System Error:
Prístup
je odmietnutý. .

[ OSession Events ]
Error - 3. 11. 2011 9:57:32 | Computer Name = Rastik-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 140
seconds with 60 seconds of active time. This session ended with a crash.

Error - 16. 11. 2011 8:00:19 | Computer Name = Rastik-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 76
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12. 12. 2011 8:37:44 | Computer Name = Rastik-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7031
Description = Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať
službu.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba TomTomHOMEService sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba Intel® Rapid Storage Technology sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba Intel® Management & Security Application User Notification
Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Modules Installer sa neočakávane ukončila. Služba sa
týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná
akcia: Reštartovať službu.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7031
Description = Služba Software Protection sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia:
Reštartovať službu.

Error - 6. 12. 2011 7:46:41 | Computer Name = Rastik-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Modul WLAN Extensibility Module sa neočakávane zastavil. Cesta k modulu:
C:\Windows\System32\bcmihvsrv64.dll

Error - 6. 12. 2011 7:46:47 | Computer Name = Rastik-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Modul WLAN Extensibility Module sa neočakávane zastavil. Cesta k modulu:
C:\Windows\System32\bcmihvsrv64.dll

Error - 6. 12. 2011 7:46:47 | Computer Name = Rastik-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Modul WLAN Extensibility Module sa neočakávane zastavil. Cesta k modulu:
C:\Windows\System32\bcmihvsrv64.dll


< End of report >

#2
Gammo

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

#3
rastikxp

OTL logfile created on: 23. 1. 2012 16:47:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rastik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,94 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 70,63% Memory free
7,87 Gb Paging File | 6,53 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 902,69 Gb Free Space | 96,92% Space Free | Partition Type: NTFS

Computer Name: RASTIK-PC | User Name: Rastik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/23 16:44:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rastik\Desktop\OTL.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/05 07:38:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/02/05 07:38:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/21 11:18:12 | 000,091,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV:64bit: - [2010/11/24 13:39:24 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/22 00:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2010/03/03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 07:38:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/02/05 07:38:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/17 13:20:38 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/09/02 04:01:56 | 000,251,648 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmc412.sys -- (VMC412)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/21 04:24:52 | 000,840,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\blackbox.dll -- (BlackBox)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/09 13:56:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/29 12:02:30 | 000,314,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/03/17 05:01:58 | 000,075,776 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viacr64.sys -- (VIACRX64)
DRV:64bit: - [2010/03/03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/09 02:14:02 | 000,056,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EloMTUsb.sys -- (EloMTUsb)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/30 08:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/05 19:21:56 | 002,838,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2000/01/01 01:00:00 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2000/01/01 01:00:00 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2000/01/01 01:00:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2000/01/01 01:00:00 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2000/01/01 01:00:00 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2000/01/01 01:00:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2000/01/01 01:00:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV - [2010/11/21 04:25:10 | 000,743,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\blackbox.dll -- (BlackBox)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Microsoft\Internet Explorer\Main,start page = about:blank
IE - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sk
IE - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 68 49 CD 3D 69 CC 01 [binary data]
IE - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/01/17 13:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/01/17 13:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/01/17 13:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 10:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 10:23:16 | 000,000,000 | ---D | M]

[2011/12/03 20:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Extensions
[2011/12/03 20:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/20 10:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Firefox\Profiles\35jlybnw.profil\extensions
[2012/01/20 10:57:15 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Rastik\AppData\Roaming\Mozilla\Firefox\Profiles\35jlybnw.profil\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/09 12:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/03 20:22:18 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
[2011/12/22 15:47:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/09 07:49:55 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\atlas-sk.xml
[2011/09/09 07:49:55 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\azet-sk.xml
[2011/09/09 07:49:55 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\dunaj-sk.xml
[2011/09/09 07:49:55 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slovnik-sk.xml
[2011/09/09 07:49:55 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011/09/09 07:49:55 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2012/01/20 17:58:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44EFF854-9584-4C6B-90D1-A6FE8892C211}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/10 11:00:10 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 16:44:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rastik\Desktop\OTL.exe
[2012/01/21 15:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/01/21 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\Comodo
[2012/01/21 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/01/20 18:00:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/20 17:58:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/20 10:57:24 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\QuickScan
[2012/01/19 12:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/19 10:25:15 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\VS Revo Group
[2012/01/18 19:08:30 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/18 19:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/17 13:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/01/17 13:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/17 13:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/01/17 13:20:38 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/01/17 09:39:02 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\FixIt
[2012/01/16 18:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/01/16 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Roaming\Canneverbe Limited
[2012/01/16 18:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/01/16 18:40:54 | 000,000,000 | ---D | C] -- C:\Users\Rastik\VirtualBox VMs
[2012/01/15 11:25:38 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\Apple Computer
[2012/01/10 11:00:10 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2012/01/07 17:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012/01/07 17:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/01/06 10:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/04 15:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rastik\Documents\iMacros
[2012/01/02 12:32:53 | 000,000,000 | R--D | C] -- C:\Users\Rastik\Virtual Machines
[2012/01/02 11:20:27 | 000,000,000 | ---D | C] -- C:\Users\Rastik\AppData\Local\Google
[2011/12/31 07:59:44 | 000,000,000 | ---D | C] -- C:\Users\Rastik\Documents\ForceField Shared Files
[2011/12/25 09:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/25 09:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[2012/01/23 16:45:20 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 16:45:20 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/23 16:44:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rastik\Desktop\OTL.exe
[2012/01/23 16:38:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 16:37:56 | 3169,701,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/20 17:58:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/19 11:56:03 | 000,007,605 | ---- | M] () -- C:\Users\Rastik\AppData\Local\resmon.resmoncfg
[2012/01/18 12:56:10 | 001,500,213 | ---- | M] () -- C:\Users\Rastik\Documents\IMG.jpg
[2012/01/18 10:40:03 | 001,408,332 | ---- | M] () -- C:\Users\Rastik\Documents\úrad práce potvrdenie.jpg
[2012/01/17 13:36:48 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/01/17 13:36:48 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/01/17 13:20:38 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/01/17 13:08:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/17 11:55:18 | 000,000,000 | ---- | M] () -- C:\Windows\wcx_ftp.ini
[2012/01/17 11:42:21 | 000,707,653 | ---- | M] () -- C:\Users\Rastik\Desktop\Desktop.rar
[2012/01/17 09:29:56 | 002,079,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/17 09:29:56 | 001,503,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/17 09:29:56 | 000,005,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 19:02:11 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/01/16 19:02:11 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/01/10 11:00:47 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 11:14:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/28 16:28:32 | 002,097,152 | ---- | M] () -- C:\Users\Rastik\ntuser.bak

========== Files Created - No Company Name ==========

[2012/01/18 12:53:47 | 001,500,213 | ---- | C] () -- C:\Users\Rastik\Documents\IMG.jpg
[2012/01/18 10:40:02 | 001,408,332 | ---- | C] () -- C:\Users\Rastik\Documents\úrad práce potvrdenie.jpg
[2012/01/17 13:21:32 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/01/17 13:21:32 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/01/17 11:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2012/01/17 11:15:00 | 000,707,653 | ---- | C] () -- C:\Users\Rastik\Desktop\Desktop.rar
[2012/01/16 19:02:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/01/16 19:02:07 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/01/16 18:46:28 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/01/14 20:25:57 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/01/14 20:25:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/01/14 20:25:57 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/01/14 20:25:57 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/12/04 11:15:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2011/11/06 14:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\setup_xp.ini
[2011/10/30 09:18:34 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/09/27 09:57:43 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/23 11:55:25 | 000,007,605 | ---- | C] () -- C:\Users\Rastik\AppData\Local\resmon.resmoncfg
[2011/09/23 09:11:59 | 000,017,408 | ---- | C] () -- C:\Users\Rastik\AppData\Local\WebpageIcons.db
[2011/09/15 14:15:31 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/09/09 08:03:03 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/02 09:03:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/02 07:55:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/12 17:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2010/03/29 11:44:14 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2012/01/16 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Canneverbe Limited
[2011/09/15 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Canon
[2012/01/17 09:39:02 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\FixIt
[2011/12/03 17:37:45 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Foxit Software
[2012/01/02 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\GHISLER
[2011/09/27 09:45:35 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\InstallPad
[2012/01/21 10:51:59 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\QuickScan
[2011/09/23 10:02:50 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\TeamViewer
[2011/12/24 08:55:21 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\Tific
[2011/12/03 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\Rastik\AppData\Roaming\TomTom
[2012/01/17 09:25:01 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4
rastikxp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL Extras logfile created on: 23. 1. 2012 16:47:02 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rastik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

3,94 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 70,63% Memory free
7,87 Gb Paging File | 6,53 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 902,69 Gb Free Space | 96,92% Space Free | Partition Type: NTFS

Computer Name: RASTIK-PC | User Name: Rastik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3802007806-828674693-3736632429-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1DFE39AA-330A-306E-3F61-4E898B1BDECD}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zariadení Windows Mobile
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel® Network Connections 15.7.176.0
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-041B-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Slovak) 2007
"{AB1CF8F1-C0B8-4EDD-B5B1-E6B19B6CBCA4}" = PretonSaver Home Edition
"{C8F18691-56DB-DD1F-03D7-DFFFF2F261F7}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Elo TouchSystems" = Elo TouchSystems
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel® Network Connections 15.7.176.0
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011F4E64-FB6C-5D62-BEF9-7A32AB682190}" = CCC Help Italian
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08C04F27-8554-3AAE-3A74-20C6387A57FF}" = CCC Help Russian
"{1C647A5A-976E-EEBE-4B3E-1F401A2CD368}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{35CD7559-DFD6-E87D-AEA3-706D68E08C31}" = Catalyst Control Center Core Implementation
"{3937896F-C68B-AB77-24B9-E0CB0620BECA}" = CCC Help Spanish
"{39975670-3873-0F21-D39D-492389BCBA53}" = CCC Help Chinese Standard
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55260F40-A919-DF2C-95E5-D169EFF0B81F}" = CCC Help French
"{560994F5-4FED-FE19-9E0F-B388B8477CF0}" = CCC Help Norwegian
"{5DF5854F-7C44-F124-A4C3-839B4A059B97}" = Catalyst Control Center Graphics Previews Vista
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{68AEA6F8-7A64-E950-61E8-926585C0E518}" = CCC Help Hungarian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{715B50D6-8C41-B982-976E-10DA52EB9D77}" = CCC Help Swedish
"{71B7840D-BB4D-409C-87A2-9EFD10BC0C3D}" = VC90_CRT_x64
"{71E6F798-2D30-7ACF-34C7-F39C5B8FB721}" = Catalyst Control Center Graphics Previews Common
"{740C9243-9B70-2979-525C-FF6D48B64716}" = Catalyst Control Center Graphics Full Existing
"{771B4E56-7D1D-52D7-1992-E9FB6B4BCB9E}" = Catalyst Control Center Graphics Light
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F534800-2742-3298-30B4-A383B986A676}" = Catalyst Control Center Localization All
"{88E0C630-BF23-3471-9B00-41E1E9165F4A}" = ccc-core-static
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0B7A4B67-2A38-42B1-9857-662FAB361E08}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-040E-0000-0000000FF1CE}_HOMESTUDENTR_{0AD4BB83-13B4-4C9D-9BAC-7F64E0B2D5D7}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{FDF9A959-241A-4662-A8DE-7DED9C22D160}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-041B-1000-0000000FF1CE}_HOMESTUDENTR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}_HOMESTUDENTR_{8382BA92-20E3-47B6-971B-F673F0492D4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2007
"{90120000-00A1-041B-0000-0000000FF1CE}_HOMESTUDENTR_{4754EB3B-ED3D-4095-A2FD-684A3058A4FF}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90663E4A-78CF-6F7C-81ED-86D330166A31}" = CCC Help German
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{991D2134-E7E3-B574-5F67-7150C35625F1}" = CCC Help Korean
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D906786-2581-96EB-0547-390CD1DD3265}" = CCC Help Finnish
"{A8A6871F-AF05-ED75-894F-D74848808D39}" = CCC Help Polish
"{AC795EF5-DB2C-457E-B6A8-92C061ACB2A5}" = Catalyst Control Center - Branding
"{B272BF76-FBD0-6FF7-50C6-431CF3F7F499}" = CCC Help Danish
"{BB792D10-9D6E-38F0-43F0-29CC7A57B7AA}" = CCC Help Japanese
"{C00A4D42-499C-2C99-F43E-027DCF47E70B}" = CCC Help Dutch
"{C4561DD3-80D8-17FF-A530-351A8A8A6EFA}" = CCC Help Portuguese
"{C4FD9875-A432-C9C5-6719-ECA327E98FD4}" = CCC Help Czech
"{C547AAE7-D006-A843-0A78-E4CAB53B32D0}" = Catalyst Control Center Graphics Full New
"{C5DE68EC-594E-2D78-7819-35287852E337}" = CCC Help Greek
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4EAF396-080F-666E-1B95-37CA3EB52244}" = CCC Help Chinese Traditional
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{E0AFCF6D-9FE3-3168-A228-04B7B551A976}" = CCC Help Thai
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18AA46C-FFDD-8E2D-5859-5C0D26C5DBC7}" = CCC Help English
"7-Zip" = 7-Zip 9.21beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader 5.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzia 1.60.0.1800
"Mozilla Firefox 9.0.1 (x86 sk)" = Mozilla Firefox 9.0.1 (x86 sk)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NTREGOPT_is1" = NTREGOPT 1.1j
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21. 1. 2012 10:26:38 | Computer Name = Rastik-PC | Source = WinMgmt | ID = 10
Description =

Error - 21. 1. 2012 10:44:33 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: ole32.dll, verzia: 6.1.7601.17514, časová značka:
0x4ce7b96f Kód výnimky: 0xc0000005 Odstup chyby: 0x0003bc21 Identifikácia chybného
procesu: 0xd7c Čas spustenia chybnej aplikácie: 0x01ccd84acad5d4e1 Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\syswow64\ole32.dll Identifikácia hlásenia: 6e053868-443e-11e1-8466-00262d4e6f9d

Error - 21. 1. 2012 10:44:56 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: ole32.dll, verzia: 6.1.7601.17514, časová značka:
0x4ce7b96f Kód výnimky: 0xc0000005 Odstup chyby: 0x0003bc21 Identifikácia chybného
procesu: 0x358 Čas spustenia chybnej aplikácie: 0x01ccd84b323eeac2 Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\syswow64\ole32.dll Identifikácia hlásenia: 7bff501b-443e-11e1-8466-00262d4e6f9d

Error - 21. 1. 2012 10:47:04 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: ole32.dll, verzia: 6.1.7601.17514, časová značka:
0x4ce7b96f Kód výnimky: 0xc0000005 Odstup chyby: 0x0003bc21 Identifikácia chybného
procesu: 0xe48 Čas spustenia chybnej aplikácie: 0x01ccd84b62e8d8e7 Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\syswow64\ole32.dll Identifikácia hlásenia: c8056c9c-443e-11e1-8466-00262d4e6f9d

Error - 22. 1. 2012 8:01:12 | Computer Name = Rastik-PC | Source = WinMgmt | ID = 10
Description =

Error - 22. 1. 2012 8:23:27 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: ole32.dll, verzia: 6.1.7601.17514, časová značka:
0x4ce7b96f Kód výnimky: 0xc0000005 Odstup chyby: 0x0003bc21 Identifikácia chybného
procesu: 0x1088 Čas spustenia chybnej aplikácie: 0x01ccd8fd5b36ddd0 Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\syswow64\ole32.dll Identifikácia hlásenia: e2b4d233-44f3-11e1-846f-00262d4e6f9d

Error - 22. 1. 2012 8:23:30 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: NPSWF32.dll, verzia: 11.1.102.55, časová značka:
0x4eaf86ce Kód výnimky: 0xc0000005 Odstup chyby: 0x00198824 Identifikácia chybného
procesu: 0x1138 Čas spustenia chybnej aplikácie: 0x01ccd8fd614e8c44 Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Identifikácia hlásenia: e468a315-44f3-11e1-846f-00262d4e6f9d

Error - 23. 1. 2012 11:39:48 | Computer Name = Rastik-PC | Source = WinMgmt | ID = 10
Description =

Error - 23. 1. 2012 11:42:11 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: ole32.dll, verzia: 6.1.7601.17514, časová značka:
0x4ce7b96f Kód výnimky: 0xc0000005 Odstup chyby: 0x0003bc21 Identifikácia chybného
procesu: 0x110c Čas spustenia chybnej aplikácie: 0x01ccd9e51537ea90 Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\syswow64\ole32.dll Identifikácia hlásenia: cff61d0f-45d8-11e1-ab63-00262d4e6f9d

Error - 23. 1. 2012 11:46:06 | Computer Name = Rastik-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: dragon.exe, verzia: 16.2.1.0, časová značka:
0x4f0d59db Názov chybového modulu: ole32.dll, verzia: 6.1.7601.17514, časová značka:
0x4ce7b96f Kód výnimky: 0xc0000005 Odstup chyby: 0x0003bc21 Identifikácia chybného
procesu: 0xa34 Čas spustenia chybnej aplikácie: 0x01ccd9e5a3383d5c Cesta chybnej
aplikácie: C:\Program Files (x86)\Comodo\Dragon\dragon.exe Cesta chybného modulu:
C:\Windows\syswow64\ole32.dll Identifikácia hlásenia: 5c0431b4-45d9-11e1-ab63-00262d4e6f9d

[ OSession Events ]
Error - 3. 11. 2011 9:57:32 | Computer Name = Rastik-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 140
seconds with 60 seconds of active time. This session ended with a crash.

Error - 16. 11. 2011 8:00:19 | Computer Name = Rastik-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 76
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12. 12. 2011 8:37:44 | Computer Name = Rastik-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7031
Description = Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom
ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať
službu.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba TomTomHOMEService sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba Intel® Rapid Storage Technology sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7034
Description = Služba Intel® Management & Security Application User Notification
Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7031
Description = Služba Windows Modules Installer sa neočakávane ukončila. Služba sa
týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná
akcia: Reštartovať službu.

Error - 6. 12. 2011 6:46:17 | Computer Name = Rastik-PC | Source = Service Control Manager | ID = 7031
Description = Služba Software Protection sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia:
Reštartovať službu.

Error - 6. 12. 2011 7:46:41 | Computer Name = Rastik-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Modul WLAN Extensibility Module sa neočakávane zastavil. Cesta k modulu:
C:\Windows\System32\bcmihvsrv64.dll

Error - 6. 12. 2011 7:46:47 | Computer Name = Rastik-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Modul WLAN Extensibility Module sa neočakávane zastavil. Cesta k modulu:
C:\Windows\System32\bcmihvsrv64.dll

Error - 6. 12. 2011 7:46:47 | Computer Name = Rastik-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Modul WLAN Extensibility Module sa neočakávane zastavil. Cesta k modulu:
C:\Windows\System32\bcmihvsrv64.dll


< End of report >

#5
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

If you're asked whether you want to download the latest Avast virus definitions, choose "Yes".

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply





Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#6
rastikxp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi, here are the logs. Thanks for helping me.

ComboFix 12-01-23.02 - Rastik . 01. 2012 19:47:33.24.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4030.2926 [GMT 1:00]
Running from: c:\users\Rastik\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 18:50 . 2012-01-24 18:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-24 18:50 . 2012-01-24 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 14:41 . 2012-01-21 14:41 -------- d-----w- c:\users\Rastik\AppData\Local\Comodo
2012-01-21 11:43 . 2010-11-21 03:24 705024 ----a-w- c:\windows\SysWow64\BFE.DLL
2012-01-20 09:57 . 2012-01-23 17:43 -------- d-----w- c:\users\Rastik\AppData\Roaming\QuickScan
2012-01-19 11:25 . 2012-01-19 11:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-19 09:25 . 2012-01-19 09:25 -------- d-----w- c:\users\Rastik\AppData\Local\VS Revo Group
2012-01-17 12:20 . 2012-01-24 18:51 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-17 12:20 . 2012-01-17 12:20 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-01-17 08:39 . 2012-01-17 08:39 -------- d-----w- c:\users\Rastik\AppData\Roaming\FixIt
2012-01-16 17:51 . 2012-01-16 17:51 -------- d-----w- c:\programdata\Canneverbe Limited
2012-01-16 17:51 . 2012-01-16 17:51 -------- d-----w- c:\users\Rastik\AppData\Roaming\Canneverbe Limited
2012-01-16 17:46 . 2012-01-16 17:46 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-01-16 17:40 . 2012-01-16 19:09 -------- d-----w- c:\users\Rastik\VirtualBox VMs
2012-01-16 17:39 . 2011-08-15 13:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-01-16 17:39 . 2011-08-15 13:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-01-15 10:25 . 2012-01-15 10:25 -------- d-----w- c:\users\Rastik\AppData\Local\Apple Computer
2012-01-14 19:25 . 2006-06-19 11:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-01-14 19:25 . 2006-05-25 13:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-01-14 19:25 . 2005-08-25 23:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-01-14 19:25 . 2003-02-02 18:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-01-14 19:25 . 2002-03-05 23:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-01-07 16:44 . 2012-01-07 16:44 -------- d-----w- c:\program files (x86)\Foxit Software
2012-01-02 11:32 . 2012-01-04 10:22 -------- d-----r- c:\users\Rastik\Virtual Machines
2012-01-02 11:25 . 2010-11-20 13:34 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-01-02 11:25 . 2010-11-20 13:27 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-01-02 11:25 . 2010-11-20 11:35 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-01-02 10:20 . 2012-01-06 09:34 -------- d-----w- c:\users\Rastik\AppData\Local\Google
2012-01-01 09:22 . 2012-01-01 09:22 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2012-01-01 09:22 . 2012-01-01 09:22 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2012-01-01 09:22 . 2012-01-01 09:22 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-01-01 09:22 . 2012-01-01 09:22 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 11:25 . 2011-12-25 08:21 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-01-19 11:25 . 2011-09-02 07:24 567184 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-25 08:22 . 2011-12-13 12:12 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-25 08:22 . 2011-09-02 07:26 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-23 09:28 . 2011-12-23 09:28 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-23 09:28 . 2011-12-23 09:28 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-12-23 09:28 . 2011-12-23 09:28 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-12-10 14:24 . 2011-12-24 09:25 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-14 12:03 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:35 . 2012-01-11 07:19 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-11 07:19 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-13 13:23 . 2011-09-02 07:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-14 12:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 12:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 12:07 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:07 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:07 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:07 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:07 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:07 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-05 2320920]
R3 BlackBox;BlackBox SR2; [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R4 PretonClientService;PretonSaver;c:\program files\Preton\PretonSaver\PretonClientService.exe [2011-09-21 91136]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EloMTUsb;Elo mt usb serv desc;c:\windows\system32\DRIVERS\EloMTUsb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 VIACRX64;VIACRX64;c:\windows\system32\DRIVERS\viacr64.sys [x]
S3 VMC412;Vimicro Camera Service VMC412;c:\windows\system32\Drivers\VMC412.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11855976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 2226280]
.
------- Supplementary Scan -------
.
ustart page = about:blank
uLocal Page = c:\windows\SYSTEM32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Rastik\AppData\Roaming\Mozilla\Firefox\Profiles\35jlybnw.profil\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\BFE]
"ImagePath"="NADA"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-01-24 19:54:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 18:54
.
Pre-Run: 968 292 556 800 bytes free
Post-Run: 968 102 383 616 bytes free
.
- - End Of File - - FC9ECB4B1DA53A1B48D45634F5F58ECC




aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-24 19:54:33
-----------------------------
19:54:33.030 OS Version: Windows x64 6.1.7601 Service Pack 1
19:54:33.030 Number of processors: 8 586 0x1E05
19:54:33.030 ComputerName: RASTIK-PC UserName: Rastik
19:54:53.965 Initialize success
19:56:56.720 AVAST engine defs: 12012400
19:57:15.674 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:57:15.674 Disk 0 Vendor: ST310005 CC67 Size: 953869MB BusType: 3
19:57:15.690 Disk 0 MBR read successfully
19:57:15.690 Disk 0 MBR scan
19:57:15.706 Disk 0 Windows 7 default MBR code
19:57:15.706 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:57:15.721 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
19:57:15.737 Service scanning
19:57:18.108 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
19:57:18.108 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
19:57:18.124 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
19:57:18.124 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
19:57:18.748 Modules scanning
19:57:19.262 Disk 0 trace - called modules:
19:57:19.294 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:57:19.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004de0790]
19:57:19.325 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b2b050]
19:57:25.268 AVAST engine scan C:\Windows
19:58:02.225 AVAST engine scan C:\Windows\system32
19:59:28.306 AVAST engine scan C:\Windows\system32\drivers
19:59:56.043 AVAST engine scan C:\Users\Rastik
20:00:52.699 AVAST engine scan C:\ProgramData
20:01:47.689 Scan finished successfully
20:01:53.133 Disk 0 MBR has been saved successfully to "C:\Users\Rastik\Desktop\MBR.dat"
20:01:53.133 The log file has been saved successfully to "C:\Users\Rastik\Desktop\aswMBR.txt"





Farbar Service Scanner Version: 18-01-2012 01
Ran by Rastik (administrator) on 24-01-2012 at 20:02:23
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Demand. The default start type is Auto.
The ImagePath of bfe: "NADA".
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#7
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs are clean, so your problems are probably not caused by malware.

Please start a new topic here: http://www.geekstogo...-and-windows-7/
(After following the cleanup instructions below)


Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


#8
rastikxp

rastikxp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for help.