
Win32:DNSChanger-VJ [Trj]


#1 kybe (New Member, 4 posts)

Hi,

For the last two days Avast has been notifying me about this infection:

Name: 800000032.@ and 800000032.$
Virus: Win32:DNSChanger-VJ [Trj]
Location: C:\windows\assembly\temp\U

So far I have not found anything unusual happening to my computer: no slowdown or unwanted pop-ups.

I managed to find an almost identical post about the same infection here.

I went through all the steps suggested by RKinner, and the resulting logs are enclosed in the zip file.

Thank you in advance for your help!

Attached File: logs.zip (282.51KB)


#2 Gammo (Trusted Helper, Malware Removal, 2,299 posts)

Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

If a topic is not replied to after 5 days, we assume it has been abandoned and it is closed.
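An OTL report is mostly PRC/MOD/SRV/DRV lines in one fixed format, and the first pass a helper makes over it is to look for images with no company name or running from temp-style locations such as the C:\windows\assembly\temp directory named in the Avast alert above. The parser and triage pass below is an added example, not OTL's own code and not anything posted in this thread; the line format is taken from the OTL report quoted later in the thread, the sample report is constructed for the example (its dates and sizes are made up), and the `SUSPECT_DIRS` list and `OtlEntry`/`triage` names are this example's own choices.

```python
"""Triage helper for OTL report lines (added example; not OTL's own code).

Parses the PRC/MOD/SRV/DRV entries of an OTL.Txt and flags the ones a
malware-removal helper would look at first: no company name in the file's
version information, or an image running from a temp-style directory.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry:  KIND[:64bit:] - [date | size | attrs | M] (Company) [state]... -- path [-- (name)]
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>.*?)\)"          # non-greedy: company names may contain parentheses
    r"(?: \[(?P<state>[^\]]+)\])*"   # zero or more [Auto | Running]-style groups
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\).*)?$"  # optional service/driver name plus trailing text
)

# Directories where a running image deserves review (lower-case, '/' separators).
# Heuristic chosen for this example: a hit means "look at this", not "this is malware".
SUSPECT_DIRS = (
    "/windows/assembly/temp/",   # location named in the Avast alert in this thread
    "/windows/temp/",
    "/appdata/local/temp/",
    "/temp/",
    "/$recycle.bin/",
)


@dataclass
class OtlEntry:
    kind: str
    is_64bit: bool
    modified: str
    size: int
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]

    def reasons(self) -> List[str]:
        """Triage flags that apply to this entry; an empty list means nothing unusual."""
        out: List[str] = []
        if not self.company.strip():
            out.append("no company name")
        norm = self.path.lower().replace("\\", "/")
        if any(d in norm for d in SUSPECT_DIRS):
            out.append("runs from temp-style directory")
        return out


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers, blanks and unknown lines."""
    m = OTL_LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return OtlEntry(
        kind=m["kind"],
        is_64bit=m["arch"] is not None,
        modified=m["date"],
        size=int(m["size"].replace(",", "")),   # "000,044,768" -> 44768
        company=m["company"],
        state=m["state"],
        path=m["path"],
        name=m["name"],
    )


def triage(report: str) -> Dict[str, List[str]]:
    """Map each flagged image path to its reasons, scanning every entry line in the report."""
    flagged: Dict[str, List[str]] = {}
    for line in report.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        why = entry.reasons()
        if why:
            flagged[entry.path] = why
    return flagged


# Constructed sample report (dates and sizes made up); the third PRC line mirrors
# the file location reported by Avast in this thread.
SAMPLE_REPORT = r"""========== Processes (SafeList) ==========

PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2012/05/29 21:10:05 | 000,064,512 | ---- | M] () -- C:\windows\assembly\temp\U\800000032.@

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_REPORT).items():
        print(f"{path}: {', '.join(why)}")
```

To run it over a real report, pass `open("OTL.Txt", encoding="utf-8", errors="replace").read()` to `triage()`. A hit is a prompt to look closer, not a verdict: the no-company-name check also catches legitimate vendor tools that ship without version information (the Razer entry in the sample), and OTL's SafeList already hides most Microsoft files, so what survives is exactly the set a helper has to judge by hand.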

#3 kybe (Topic Starter, New Member, 4 posts)

Hello,

thank you very much for your reply. As I have mentioned in my previous post, apart from the Avast notifications I did not have any other symptoms on my computer. It's been 3 days since Avast last notified me about the aforementioned DNSChanger, so I don't know if the threat is gone or just "hiding".

Here is the log from OTL (Extras.txt was not generated, I don't know why; I followed the instructions exactly):


OTL logfile created on: 5/31/2012 8:36:13 AM - Run 2
OTL by OldTimer - Version 3.2.44.0 Folder = T:\DW
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.92 Gb Total Physical Memory | 13.83 Gb Available Physical Memory | 86.85% Memory free
21.78 Gb Paging File | 19.59 Gb Available in Paging File | 89.95% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 66.98 Gb Free Space | 59.92% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 70.25 Gb Free Space | 7.54% Space Free | Partition Type: NTFS
Drive E: | 2794.39 Gb Total Space | 1289.41 Gb Free Space | 46.14% Space Free | Partition Type: NTFS
Drive F: | 118.57 Gb Total Space | 64.54 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive P: | 1862.89 Gb Total Space | 474.54 Gb Free Space | 25.47% Space Free | Partition Type: NTFS
Drive T: | 477.59 Gb Total Space | 75.70 Gb Free Space | 15.85% Space Free | Partition Type: NTFS
Drive W: | 465.76 Gb Total Space | 107.44 Gb Free Space | 23.07% Space Free | Partition Type: NTFS
Drive X: | 240.16 Gb Total Space | 170.08 Gb Free Space | 70.82% Space Free | Partition Type: NTFS

Computer Name: KUBAIS-PC | User Name: kubais | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/31 08:34:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- T:\DW\OTL (1).exe
PRC - [2012/05/11 14:28:17 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/01 07:24:42 | 004,137,112 | ---- | M] (H.D.S. Hungary) -- C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
PRC - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2011/11/25 16:28:46 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/09/14 15:48:20 | 000,230,696 | ---- | M] (CyberLink Corp.) -- T:\PROGS\PowerDVD11\PDVD11Serv.exe
PRC - [2011/09/02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) -- T:\PROGS\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
PRC - [2011/09/02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) -- T:\PROGS\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/08/24 03:13:43 | 000,083,240 | ---- | M] () -- T:\PROGS\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/08/08 18:39:32 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 18:39:26 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/05/18 08:14:40 | 000,390,736 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/05/18 08:13:52 | 005,550,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/05/11 04:57:28 | 002,536,440 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/03/07 15:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- T:\PROGS\VirtualCloneDrive\VCDDaemon.exe
PRC - [2010/11/29 16:56:00 | 003,709,856 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\Total Commander\TOTALCMD.EXE
PRC - [2010/11/21 05:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2005/07/15 23:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/12/28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/29 16:56:00 | 000,123,536 | ---- | M] () -- C:\Program Files\Total Commander\WCMZIP32.DLL
MOD - [2010/11/29 16:56:00 | 000,120,184 | ---- | M] () -- C:\Program Files\Total Commander\TCUNZLIB.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2011/09/08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/11/21 05:25:10 | 000,092,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2010/11/21 05:24:52 | 000,117,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2010/11/21 05:24:41 | 000,692,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2010/11/21 05:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2010/11/21 05:24:35 | 000,258,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2010/11/21 05:24:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2010/11/21 05:24:24 | 002,018,304 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2010/11/21 05:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2010/11/21 05:24:09 | 000,080,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2010/11/21 05:23:48 | 000,476,160 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2009/07/14 03:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009/07/14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 03:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 03:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009/07/14 03:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 03:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/25 16:28:46 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/09/02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Auto | Running] -- T:\PROGS\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/09/02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- T:\PROGS\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011/08/24 03:13:43 | 000,083,240 | ---- | M] () [Auto | Running] -- T:\PROGS\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/08/08 18:39:32 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/08/08 18:39:26 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/05/18 08:16:20 | 001,113,784 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/12/28 00:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- T:\PROGS\Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/21 05:24:49 | 000,204,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010/11/21 05:24:32 | 001,175,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\appmgmts.dll -- (AppMgmt)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/11/25 16:28:47 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/11/25 16:28:44 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/11/25 16:28:43 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/11/25 16:28:38 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/09/21 08:22:36 | 000,025,904 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011/09/08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/01 01:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/04/19 17:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/03/15 12:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010/03/15 12:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010/03/15 12:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010/03/15 12:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010/03/15 12:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2010/03/15 12:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010/03/15 12:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2009/08/10 16:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/10/21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2012/05/18 12:56:26 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/09/02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/05/18 10:39:41] [Kernel | Auto | Running] -- T:\PROGS\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/08/24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- T:\PROGS\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD E4 3E A1 2B F5 CC 01 [binary data]
IE - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: T:\PROGS\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: T:\PROGS\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\kubais\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\kubais\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kubais\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kubais\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kubais\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\kubais\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kubais\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\kubais\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\kubais\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\kubais\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = T:\PROGS\Office\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = T:\PROGS\Office\Office14\NPSPWRAP.DLL
CHR - Extension: Entanglement = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: AdBlock = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: LastPass = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.6_0\
CHR - Extension: Table Capture = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop\1.9_0\
CHR - Extension: StumbleUpon = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.4.25.2_0\
CHR - Extension: Linkclump = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.3.2_0\
CHR - Extension: Poppit = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.0_0\
CHR - Extension: Hover Zoom = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.3.5_0\
CHR - Extension: Gmail = C:\Users\kubais\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/25 16:49:14 | 000,002,015 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - T:\PROGS\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - T:\PROGS\Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl11] T:\PROGS\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] T:\PROGS\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000..\Run: [AIMP3] C:\Program Files (x86)\AIMP3\AIMP3.exe (AIMP DevTeam)
O4 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKU\S-1-5-21-3144134840-3746970530-3815568789-1000\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.156.128.10 81.31.33.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{637BE103-4310-4431-BEF1-27AD838BA682}: DhcpNameServer = 78.156.128.10 81.31.33.19
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - T:\PROGS\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - X:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d2935ffe-75bc-11e1-95ab-50e549518339}\Shell - "" = AutoRun
O33 - MountPoints2\{d2935ffe-75bc-11e1-95ab-50e549518339}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 17:47:19 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\dadder.sys
[2012/05/29 17:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/05/29 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Roaming\InstallShield
[2012/05/29 14:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/05/28 07:56:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2012/05/28 07:56:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2012/05/28 07:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/28 07:54:14 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/28 07:54:14 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/25 11:38:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/25 11:38:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/25 11:38:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/25 11:38:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/25 11:38:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/25 11:38:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/24 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Local\SniperV2
[2012/05/24 17:54:00 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/24 17:31:26 | 000,000,000 | ---D | C] -- C:\Users\kubais\Documents\Gamepires
[2012/05/22 18:32:45 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Local\Ubisoft Game Launcher
[2012/05/22 17:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/22 17:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/22 17:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/22 17:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/05/20 11:39:00 | 000,000,000 | ---D | C] -- C:\Users\kubais\Documents\BotaniculaSaves
[2012/05/19 18:24:04 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Roaming\Mozilla
[2012/05/19 09:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Machinarium
[2012/05/18 18:39:32 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/05/18 18:39:32 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/05/18 18:39:32 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/05/18 18:39:32 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/05/18 18:39:32 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/05/18 18:39:32 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/05/18 18:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/05/18 18:39:27 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/05/18 18:39:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/05/18 11:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks3D
[2012/05/18 10:57:20 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Local\ElevatedDiagnostics
[2012/05/18 10:39:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012/05/16 19:33:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/05/16 19:33:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/05/16 16:45:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/05/16 16:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/16 16:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/16 13:35:14 | 000,646,248 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/05/16 13:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/16 13:34:13 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/05/16 13:34:13 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/05/16 13:34:13 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/05/16 13:34:13 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/05/16 13:34:13 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/05/16 13:34:12 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/05/16 13:34:12 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/05/16 13:34:12 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/05/16 13:34:12 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/05/16 13:34:12 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/05/16 13:34:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/05/16 13:34:12 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/05/16 13:34:12 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/05/16 13:34:12 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/05/16 13:34:12 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/05/16 11:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/15 22:25:54 | 000,000,000 | ---D | C] -- C:\Users\kubais\Documents\Adobe Scripts
[2012/05/15 17:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/05/10 11:55:55 | 000,000,000 | ---D | C] -- C:\Users\kubais\New folder
[2012/05/06 10:34:43 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Roaming\Paddy
[2012/05/06 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\kubais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paddy for Lightroom
[2012/05/02 23:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/02 23:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/01 14:16:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/01 14:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/31 08:30:22 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/05/31 08:30:14 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/05/31 08:30:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 21:18:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3144134840-3746970530-3815568789-1000UA.job
[2012/05/30 19:16:05 | 000,155,502 | ---- | M] () -- C:\Users\kubais\Documents\sekera.jpg
[2012/05/30 08:25:09 | 001,569,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/30 08:25:09 | 000,664,114 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012/05/30 08:25:09 | 000,657,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/30 08:25:09 | 000,138,424 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012/05/30 08:25:09 | 000,119,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/30 08:18:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3144134840-3746970530-3815568789-1000Core.job
[2012/05/29 18:10:46 | 000,023,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 18:10:46 | 000,023,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/29 18:10:29 | 000,293,511 | RHS- | M] () -- C:\IOJXU
[2012/05/29 18:09:42 | 000,057,654 | ---- | M] () -- C:\Windows\OEMLogo.bmp
[2012/05/29 17:46:40 | 000,001,156 | ---- | M] () -- C:\Users\kubais\Desktop\WarGame - Shortcut.lnk
[2012/05/29 13:08:44 | 000,013,013 | ---- | M] () -- C:\Users\kubais\Desktop\Uninstall a program - Shortcut.lnk
[2012/05/27 10:19:32 | 000,154,712 | ---- | M] () -- C:\Users\kubais\Documents\ignis1.jpg
[2012/05/27 10:02:26 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Intel_C_CVCV204603R6120BGN.job
[2012/05/24 13:42:09 | 000,129,749 | ---- | M] () -- C:\Users\kubais\Documents\uraz.jpg
[2012/05/18 18:39:32 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/18 18:39:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/18 11:16:13 | 000,001,315 | ---- | M] () -- C:\Users\kubais\Desktop\FurMark.lnk
[2012/05/18 10:39:38 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012/05/16 19:24:11 | 002,606,504 | ---- | M] () -- C:\Users\kubais\Documents\montaz.jpg
[2012/05/16 19:23:31 | 000,122,146 | ---- | M] () -- C:\Users\kubais\Documents\mpr.jpg
[2012/05/16 19:00:04 | 000,167,668 | ---- | M] () -- C:\Users\kubais\Documents\kytka.jpg
[2012/05/16 16:45:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/16 11:31:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/16 10:18:26 | 000,007,587 | ---- | M] () -- C:\Users\kubais\AppData\Local\Resmon.ResmonCfg
[2012/05/12 11:43:12 | 000,000,421 | ---- | M] () -- C:\Users\kubais\AppData\Roaming\Drives Monitor_Settings.ini
[2012/05/11 19:31:38 | 000,117,032 | ---- | M] () -- C:\Users\kubais\Documents\blava.jpg
[2012/05/10 10:47:17 | 000,000,044 | ---- | M] () -- C:\Users\kubais\Documents\blue milk.axt
[2012/05/09 11:23:41 | 004,897,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/05 11:50:22 | 000,457,522 | ---- | M] () -- C:\Users\kubais\Documents\jpgvideo.zip
[2012/05/05 11:14:54 | 000,316,105 | ---- | M] () -- C:\Users\kubais\Documents\katka.jpg
[2012/05/05 11:02:01 | 000,013,684 | ---- | M] () -- C:\Users\kubais\Documents\sky.jpg
[2012/05/04 17:54:05 | 000,133,982 | ---- | M] () -- C:\Users\kubais\Documents\MM.jpg
[2012/05/04 17:14:15 | 026,820,608 | ---- | M] () -- C:\Users\kubais\Documents\JPGVideo.avi
[2012/05/04 16:31:59 | 000,186,266 | ---- | M] () -- C:\Users\kubais\Documents\_DSC505.jpg
[2012/05/04 08:30:45 | 000,000,971 | ---- | M] () -- C:\Users\kubais\Application Data\Microsoft\Internet Explorer\Quick Launch\ĩTorrent.lnk
[2012/05/04 08:30:45 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\ĩTorrent.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/30 19:54:43 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-bit.lnk
[2012/05/30 19:15:59 | 000,155,502 | ---- | C] () -- C:\Users\kubais\Documents\sekera.jpg
[2012/05/29 18:10:29 | 000,293,511 | RHS- | C] () -- C:\IOJXU
[2012/05/29 18:09:42 | 000,057,654 | ---- | C] () -- C:\Windows\OEMLogo.bmp
[2012/05/29 17:46:40 | 000,001,156 | ---- | C] () -- C:\Users\kubais\Desktop\WarGame - Shortcut.lnk
[2012/05/29 13:08:44 | 000,013,013 | ---- | C] () -- C:\Users\kubais\Desktop\Uninstall a program - Shortcut.lnk
[2012/05/28 07:54:32 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/05/28 07:54:14 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/27 10:19:28 | 000,154,712 | ---- | C] () -- C:\Users\kubais\Documents\ignis1.jpg
[2012/05/25 11:38:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/25 11:38:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/25 11:38:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/25 11:38:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/25 11:38:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/24 13:41:59 | 000,129,749 | ---- | C] () -- C:\Users\kubais\Documents\uraz.jpg
[2012/05/22 17:51:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/05/18 18:39:32 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/05/18 11:16:13 | 000,001,315 | ---- | C] () -- C:\Users\kubais\Desktop\FurMark.lnk
[2012/05/18 10:39:38 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012/05/16 19:23:10 | 000,122,146 | ---- | C] () -- C:\Users\kubais\Documents\mpr.jpg
[2012/05/16 19:22:30 | 002,606,504 | ---- | C] () -- C:\Users\kubais\Documents\montaz.jpg
[2012/05/16 18:59:50 | 000,167,668 | ---- | C] () -- C:\Users\kubais\Documents\kytka.jpg
[2012/05/16 16:45:59 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/16 13:35:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/05/16 13:34:12 | 000,215,644 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/05/16 11:31:42 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 11:43:12 | 000,000,421 | ---- | C] () -- C:\Users\kubais\AppData\Roaming\Drives Monitor_Settings.ini
[2012/05/11 19:31:35 | 000,117,032 | ---- | C] () -- C:\Users\kubais\Documents\blava.jpg
[2012/05/10 10:47:17 | 000,000,044 | ---- | C] () -- C:\Users\kubais\Documents\blue milk.axt
[2012/05/09 18:42:52 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/05/09 18:42:43 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/05/09 18:42:32 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/05/09 18:42:31 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/05/05 11:50:13 | 000,457,522 | ---- | C] () -- C:\Users\kubais\Documents\jpgvideo.zip
[2012/05/05 11:14:40 | 000,316,105 | ---- | C] () -- C:\Users\kubais\Documents\katka.jpg
[2012/05/05 11:01:32 | 000,013,684 | ---- | C] () -- C:\Users\kubais\Documents\sky.jpg
[2012/05/04 17:53:58 | 000,133,982 | ---- | C] () -- C:\Users\kubais\Documents\MM.jpg
[2012/05/04 17:05:53 | 026,820,608 | ---- | C] () -- C:\Users\kubais\Documents\JPGVideo.avi
[2012/05/04 16:31:54 | 000,186,266 | ---- | C] () -- C:\Users\kubais\Documents\_DSC505.jpg
[2012/05/04 08:30:45 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\ĩTorrent.lnk
[2012/05/03 13:58:52 | 000,000,000 | ---- | C] () -- C:\mc1234
[2012/04/28 13:00:39 | 000,001,660 | ---- | C] () -- C:\Users\kubais\AppData\Roaming\System Monitor II_Settings.ini
[2012/03/25 18:08:37 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/03/24 14:52:17 | 000,000,079 | ---- | C] () -- C:\Users\kubais\AppData\Local\CrystalDiskMark30.ini
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/14 19:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 19:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/08 14:47:57 | 000,007,587 | ---- | C] () -- C:\Users\kubais\AppData\Local\Resmon.ResmonCfg
[2012/01/04 16:36:11 | 000,003,584 | ---- | C] () -- C:\Users\kubais\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 19:35:56 | 001,563,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/25 17:46:31 | 000,009,682 | ---- | C] () -- C:\Program Files\wincmd.ini
[2011/11/25 17:46:31 | 000,003,102 | ---- | C] () -- C:\Program Files\wcx_ftp.ini
[2011/08/31 20:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/04/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/04/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/01/28 15:33:34 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\602Installer
[2012/01/28 15:34:19 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\602XML
[2011/11/28 13:55:01 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\ACD Systems
[2011/11/28 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Acronis
[2012/05/31 08:30:31 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\AIMP3
[2012/04/26 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Ashampoo
[2011/11/25 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\BSplayer
[2012/03/27 08:45:38 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\eazign
[2011/11/28 12:59:01 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Gmail Notifier Plus
[2012/03/30 11:27:20 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Hard Disk Sentinel
[2012/03/27 14:18:26 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\HD Tune Pro
[2012/04/16 07:51:10 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\IObit
[2011/11/25 20:05:17 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\JAlbum
[2011/12/21 12:53:36 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Mobile Atlas Creator
[2011/12/27 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\MyPhoneExplorer
[2012/03/25 10:46:50 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\NCH Swift Sound
[2012/01/01 15:19:49 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Opera
[2012/05/06 10:34:43 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Paddy
[2012/04/21 12:54:00 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\PDAppFlex
[2011/12/13 20:02:03 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\PDF Writer
[2011/11/25 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Razer
[2011/12/27 15:17:09 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Sony
[2011/12/27 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Sony Setup
[2012/04/19 18:09:32 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/29 18:23:58 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\Ubisoft
[2012/05/31 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\uTorrent
[2011/11/28 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\XnView
[2011/11/25 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\kubais\AppData\Roaming\ZereneStacker
[2012/04/24 22:29:29 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\IObit
[2012/05/31 08:30:22 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/05/18 07:44:36 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thank you again for your help!
  • 0

#4
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/05/24 17:54:00 | 000,000,000 | ---D | C] -- C:\Windows\system64
    [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0
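As an added example (not OTL's or ComboFix's own code, and not from anyone in this thread), here is a small Python parser for the OTL listing format quoted in the logs above, with a triage pass that flags the kinds of entries the fix script targets: the bogus C:\Windows\system64 folder, stray .tmp files in the Windows root and SysNative, and anything under C:\Windows\assembly\temp. The rule set, the constructed timestamps and sizes in the last two sample lines, and the `sample.@` file name are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Added example: a parser for the OTL file-listing format posted in this thread,
# with a triage pass that flags the entries the fix script above targets.
# Not part of OTL, ComboFix or the thread; rules and paths come from the logs.

# One OTL listing line, as in the "LOP Check" and created-files sections:
#   [YYYY/MM/DD HH:MM:SS | SSS,SSS,SSS | attrs | C-or-M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Locations the thread's OTL fix acts on (compared case-insensitively).
SYSTEM64 = "c:\\windows\\system64"               # bogus folder the fix moves
SYSNATIVE = "c:\\windows\\sysnative\\"           # *.tmp files the fix deletes
WINROOT = "c:\\windows"                          # *.tmp files the fix deletes
ASSEMBLY_TEMP = "c:\\windows\\assembly\\temp\\"  # where Avast saw the detection


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str
    event: str      # "C" = created, "M" = modified
    company: str    # empty when OTL printed "()" or no company field at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return the parsed entry, or None for section headers, blanks and prose."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        event=m["event"],
        company=m["company"] or "",
        path=m["path"],
    )


def flag_entry(entry: OtlEntry) -> Optional[str]:
    """Return why an entry deserves attention, or None if no rule matches.

    A clean 64-bit Windows has System32 and SysWOW64 but no system64 folder;
    stray .tmp files in the Windows root or SysNative are leftovers the fix
    removes; assembly\\temp is where the Avast alert that opened the thread
    pointed. Anything else (KMSEmulator.exe, IObit, ...) is left for a human.
    """
    p = entry.path.lower()
    if p == SYSTEM64 and entry.is_dir:
        return "no such folder on a clean 64-bit Windows; OTL fix moves it"
    if p.startswith(ASSEMBLY_TEMP):
        return "dropped under assembly\\temp, the location Avast flagged"
    if p.endswith(".tmp") and (p.startswith(SYSNATIVE) or p.rsplit("\\", 1)[0] == WINROOT):
        return "leftover .tmp in a system folder; OTL fix deletes these"
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Parse every line and return (path, reason) for each flagged entry, in order."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reason = flag_entry(entry)
        if reason:
            hits.append((entry.path, reason))
    return hits


# Sample input: the first three lines are copied from the OTL logs in this thread;
# the last two are constructed (paths from the logs, timestamps and sizes made up).
SAMPLE_LOG = """\
========== LOP Check ==========

[2012/05/24 17:54:00 | 000,000,000 | ---D | C] -- C:\\Windows\\system64
[2012/03/25 18:08:37 | 000,151,552 | ---- | C] () -- C:\\Windows\\KMSEmulator.exe
[2012/04/24 22:29:29 | 000,000,000 | ---D | M] -- C:\\Users\\Default\\AppData\\Roaming\\IObit
[2012/05/31 08:00:00 | 000,004,096 | ---- | C] () -- C:\\Windows\\SysNative\\SET3E66.tmp
[2012/05/30 09:12:00 | 000,025,088 | ---- | C] () -- C:\\Windows\\assembly\\temp\\U\\sample.@
""".splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

Entries that match no rule (the KMS and IObit lines above) are deliberately not flagged; the rules only reproduce what the fix script itself acts on.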

#5
kybe

kybe

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi,

I don't know if that's normal ComboFix behaviour, but after running it lots of important software was deleted from my system: graphic driver, mouse driver, Adobe files, AVAST, printer driver, QuickTime, Acronis True Image, etc. Sounds a bit strange to me...

Here are the OTL and ComboFix logs:


All processes killed
========== OTL ==========
C:\Windows\system64 folder moved successfully.
C:\Windows\SysNative\SET3E66.tmp deleted successfully.
C:\Windows\SysNative\SET3EBB.tmp deleted successfully.
C:\Windows\SysNative\SET3F3B.tmp deleted successfully.
C:\Windows\SysNative\SET4023.tmp deleted successfully.
C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\DA909E623B454BA18B58FCAEBA4BCEC9.TMP folder deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
T:\DW\cmd.bat deleted successfully.
T:\DW\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kubais
->Temp folder emptied: 5549113 bytes
->Temporary Internet Files folder emptied: 465959 bytes
->Java cache emptied: 4053064 bytes
->Google Chrome cache emptied: 412241455 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 65411 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91641 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 403.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: kubais
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.44.0 log created on 06012012_125543

Files\Folders moved on Reboot...
C:\Users\kubais\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ComboFix 12-06-01.01 - kubais 06/01/2012 13:03:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16301.14001 [GMT 2:00]
Running from: c:\users\kubais\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\a\payloads\AdobeLinguistics_4_0_All\Assets1_1.sig
c:\a\payloads\AdobeLinguistics_4_0_All\Assets1_1.zip
c:\a\payloads\AdobeLinguistics_4_0_All\Assets2_1.sig
c:\a\payloads\AdobeLinguistics_4_0_All\Assets2_1.zip
c:\a\payloads\AdobeLinguistics_4_0_All\Install.db
c:\a\payloads\AdobeLinguistics_4_0_All\Install.sig
c:\a\payloads\AdobeLinguistics_4_0_All\media.sql
c:\a\payloads\AdobeLinguistics_4_0_All\Media_db.db
c:\a\payloads\AdobeLinguistics_4_0_All_x64\AdobeLinguistics_4_0_All_x64.boot.xml
c:\a\payloads\AdobeLinguistics_4_0_All_x64\AdobeLinguistics_4_0_All_x64.proxy.xml
c:\a\payloads\AdobeLinguistics_4_0_All_x64\Assets2_1.sig
c:\a\payloads\AdobeLinguistics_4_0_All_x64\Assets2_1.zip
c:\a\payloads\AdobeLinguistics_4_0_All_x64\Install.db
c:\a\payloads\AdobeLinguistics_4_0_All_x64\Install.sig
c:\a\payloads\AdobeLinguistics_4_0_All_x64\media.sql
c:\a\payloads\AdobeLinguistics_4_0_All_x64\Media_db.db
c:\a\payloads\AdobeMiniBridge2-mul\AdobeMiniBridge2-mul.boot.xml
c:\a\payloads\AdobeMiniBridge2-mul\AdobeMiniBridge2-mul.proxy.xml
c:\a\payloads\AdobeMiniBridge2-mul\Assets1_1.sig
c:\a\payloads\AdobeMiniBridge2-mul\Assets1_1.zip
c:\a\payloads\AdobeMiniBridge2-mul\Install.db
c:\a\payloads\AdobeMiniBridge2-mul\Install.sig
c:\a\payloads\AdobeMiniBridge2-mul\media.sql
c:\a\payloads\AdobeMiniBridge2-mul\Media_db.db
c:\a\payloads\AdobePDFL10.9-mul\AdobePDFL10.9-mul.boot.xml
c:\a\payloads\AdobePDFL10.9-mul\AdobePDFL10.9-mul.proxy.xml
c:\a\payloads\AdobePDFL10.9-mul\Assets2_1.sig
c:\a\payloads\AdobePDFL10.9-mul\Assets2_1.zip
c:\a\payloads\AdobePDFL10.9-mul\Install.db
c:\a\payloads\AdobePDFL10.9-mul\Install.sig
c:\a\payloads\AdobePDFL10.9-mul\media.sql
c:\a\payloads\AdobePDFL10.9-mul\Media_db.db
c:\a\payloads\AdobePDFL10.9_x64-mul\AdobePDFL10.9_x64-mul.boot.xml
c:\a\payloads\AdobePDFL10.9_x64-mul\AdobePDFL10.9_x64-mul.proxy.xml
c:\a\payloads\AdobePDFL10.9_x64-mul\Assets2_1.sig
c:\a\payloads\AdobePDFL10.9_x64-mul\Assets2_1.zip
c:\a\payloads\AdobePDFL10.9_x64-mul\Install.db
c:\a\payloads\AdobePDFL10.9_x64-mul\Install.sig
c:\a\payloads\AdobePDFL10.9_x64-mul\media.sql
c:\a\payloads\AdobePDFL10.9_x64-mul\Media_db.db
c:\a\payloads\AdobePDFSettings11-ja_JP\AdobePDFSettings11-ja_JP.boot.xml
c:\a\payloads\AdobePDFSettings11-ja_JP\AdobePDFSettings11-ja_JP.msi
c:\a\payloads\AdobePDFSettings11-ja_JP\AdobePDFSettings11-ja_JP.proxy.xml
c:\a\payloads\AdobePDFSettings11-ja_JP\media.sql
c:\a\payloads\AdobePDFSettings11-ja_JP\Media_db.db
c:\a\payloads\AdobePDFSettings11-mul\AdobePDFSettings11-mul.boot.xml
c:\a\payloads\AdobePDFSettings11-mul\AdobePDFSettings11-mul.msi
c:\a\payloads\AdobePDFSettings11-mul\AdobePDFSettings11-mul.proxy.xml
c:\a\payloads\AdobePDFSettings11-mul\media.sql
c:\a\payloads\AdobePDFSettings11-mul\Media_db.db
c:\a\payloads\AdobePhotoshop13-Core\AdobePhotoshop13-Core.boot.xml
c:\a\payloads\AdobePhotoshop13-Core\AdobePhotoshop13-Core.proxy.xml
c:\a\payloads\AdobePhotoshop13-Core\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-Core\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-Core\Assets2_1.sig
c:\a\payloads\AdobePhotoshop13-Core\Assets2_1.zip
c:\a\payloads\AdobePhotoshop13-Core\Install.db
c:\a\payloads\AdobePhotoshop13-Core\Install.sig
c:\a\payloads\AdobePhotoshop13-Core\media.sql
c:\a\payloads\AdobePhotoshop13-Core\Media_db.db
c:\a\payloads\AdobePhotoshop13-Core_x64\AdobePhotoshop13-Core_x64.boot.xml
c:\a\payloads\AdobePhotoshop13-Core_x64\AdobePhotoshop13-Core_x64.proxy.xml
c:\a\payloads\AdobePhotoshop13-Core_x64\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-Core_x64\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-Core_x64\Assets2_1.sig
c:\a\payloads\AdobePhotoshop13-Core_x64\Assets2_1.zip
c:\a\payloads\AdobePhotoshop13-Core_x64\Install.db
c:\a\payloads\AdobePhotoshop13-Core_x64\Install.sig
c:\a\payloads\AdobePhotoshop13-Core_x64\media.sql
c:\a\payloads\AdobePhotoshop13-Core_x64\Media_db.db
c:\a\payloads\AdobePhotoshop13-Driver\AdobePhotoshop13-Driver.boot.xml
c:\a\payloads\AdobePhotoshop13-Driver\AdobePhotoshop13-Driver.proxy.xml
c:\a\payloads\AdobePhotoshop13-Driver\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-Driver\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-Driver\Assets2_1.sig
c:\a\payloads\AdobePhotoshop13-Driver\Assets2_1.zip
c:\a\payloads\AdobePhotoshop13-Driver\Install.db
c:\a\payloads\AdobePhotoshop13-Driver\Install.sig
c:\a\payloads\AdobePhotoshop13-Driver\media.sql
c:\a\payloads\AdobePhotoshop13-Driver\Media_db.db
c:\a\payloads\AdobePhotoshop13-en_GB\AdobePhotoshop13-en_GB.boot.xml
c:\a\payloads\AdobePhotoshop13-en_GB\AdobePhotoshop13-en_GB.proxy.xml
c:\a\payloads\AdobePhotoshop13-en_GB\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-en_GB\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-en_GB\Install.db
c:\a\payloads\AdobePhotoshop13-en_GB\Install.sig
c:\a\payloads\AdobePhotoshop13-en_GB\media.sql
c:\a\payloads\AdobePhotoshop13-en_GB\Media_db.db
c:\a\payloads\AdobePhotoshop13-en_GB_x64\AdobePhotoshop13-en_GB_x64.boot.xml
c:\a\payloads\AdobePhotoshop13-en_GB_x64\AdobePhotoshop13-en_GB_x64.proxy.xml
c:\a\payloads\AdobePhotoshop13-en_GB_x64\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-en_GB_x64\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-en_GB_x64\Install.db
c:\a\payloads\AdobePhotoshop13-en_GB_x64\Install.sig
c:\a\payloads\AdobePhotoshop13-en_GB_x64\media.sql
c:\a\payloads\AdobePhotoshop13-en_GB_x64\Media_db.db
c:\a\payloads\AdobePhotoshop13-en_US\AdobePhotoshop13-en_US.boot.xml
c:\a\payloads\AdobePhotoshop13-en_US\AdobePhotoshop13-en_US.proxy.xml
c:\a\payloads\AdobePhotoshop13-en_US\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-en_US\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-en_US\Install.db
c:\a\payloads\AdobePhotoshop13-en_US\Install.sig
c:\a\payloads\AdobePhotoshop13-en_US\media.sql
c:\a\payloads\AdobePhotoshop13-en_US\Media_db.db
c:\a\payloads\AdobePhotoshop13-en_US_x64\AdobePhotoshop13-en_US_x64.boot.xml
c:\a\payloads\AdobePhotoshop13-en_US_x64\AdobePhotoshop13-en_US_x64.proxy.xml
c:\a\payloads\AdobePhotoshop13-en_US_x64\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-en_US_x64\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-en_US_x64\Install.db
c:\a\payloads\AdobePhotoshop13-en_US_x64\Install.sig
c:\a\payloads\AdobePhotoshop13-en_US_x64\media.sql
c:\a\payloads\AdobePhotoshop13-en_US_x64\Media_db.db
c:\a\payloads\AdobePhotoshop13-ja_JP\AdobePhotoshop13-ja_JP.boot.xml
c:\a\payloads\AdobePhotoshop13-ja_JP\AdobePhotoshop13-ja_JP.proxy.xml
c:\a\payloads\AdobePhotoshop13-ja_JP\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-ja_JP\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-ja_JP\Install.db
c:\a\payloads\AdobePhotoshop13-ja_JP\Install.sig
c:\a\payloads\AdobePhotoshop13-ja_JP\media.sql
c:\a\payloads\AdobePhotoshop13-ja_JP\Media_db.db
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\AdobePhotoshop13-ja_JP_x64.boot.xml
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\AdobePhotoshop13-ja_JP_x64.proxy.xml
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\Assets1_1.sig
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\Assets1_1.zip
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\Install.db
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\Install.sig
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\media.sql
c:\a\payloads\AdobePhotoshop13-ja_JP_x64\Media_db.db
c:\a\payloads\AdobePhotoshop13-Support\AdobePhotoshop13-Support.boot.xml
c:\a\payloads\AdobePhotoshop13-Support\AdobePhotoshop13-Support.proxy.xml
c:\a\payloads\AdobePhotoshop13-Support\Assets2_1.sig
c:\a\payloads\AdobePhotoshop13-Support\Assets2_1.zip
c:\a\payloads\AdobePhotoshop13-Support\Install.db
c:\a\payloads\AdobePhotoshop13-Support\Install.sig
c:\a\payloads\AdobePhotoshop13-Support\media.sql
c:\a\payloads\AdobePhotoshop13-Support\Media_db.db
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\AdobeSuiteSharedConfiguration3-mul.boot.xml
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\AdobeSuiteSharedConfiguration3-mul.proxy.xml
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\Assets2_1.sig
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\Assets2_1.zip
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\Install.db
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\Install.sig
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\media.sql
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\Media_db.db
c:\a\payloads\AdobeSuiteSharedConfiguration3-mul\version.txt
c:\a\payloads\AdobeTypeSupport11-mul\AdobeTypeSupport11-mul.boot.xml
c:\a\payloads\AdobeTypeSupport11-mul\AdobeTypeSupport11-mul.proxy.xml
c:\a\payloads\AdobeTypeSupport11-mul\Assets2_1.sig
c:\a\payloads\AdobeTypeSupport11-mul\Assets2_1.zip
c:\a\payloads\AdobeTypeSupport11-mul\Install.db
c:\a\payloads\AdobeTypeSupport11-mul\Install.sig
c:\a\payloads\AdobeTypeSupport11-mul\media.sql
c:\a\payloads\AdobeTypeSupport11-mul\Media_db.db
c:\a\payloads\AdobeTypeSupport11_x64-mul\AdobeTypeSupport11_x64-mul.boot.xml
c:\a\payloads\AdobeTypeSupport11_x64-mul\AdobeTypeSupport11_x64-mul.proxy.xml
c:\a\payloads\AdobeTypeSupport11_x64-mul\Assets2_1.sig
c:\a\payloads\AdobeTypeSupport11_x64-mul\Assets2_1.zip
c:\a\payloads\AdobeTypeSupport11_x64-mul\Install.db
c:\a\payloads\AdobeTypeSupport11_x64-mul\Install.sig
c:\a\payloads\AdobeTypeSupport11_x64-mul\media.sql
c:\a\payloads\AdobeTypeSupport11_x64-mul\Media_db.db
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\AdobeVideoProfilesCS4_0-mul.boot.xml
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\AdobeVideoProfilesCS4_0-mul.proxy.xml
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\Assets2_1.sig
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\Assets2_1.zip
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\Install.db
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\Install.sig
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\media.sql
c:\a\payloads\AdobeVideoProfilesCS4_0-mul\Media_db.db
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.boot.xml
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.proxy.xml
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\Assets2_1.sig
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\Assets2_1.zip
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\Install.db
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\Install.sig
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\media.sql
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll\Media_db.db
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\AdobeWinSoftLinguisticsPluginAll_x64.boot.xml
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\AdobeWinSoftLinguisticsPluginAll_x64.proxy.xml
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\Assets2_1.sig
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\Assets2_1.zip
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\Install.db
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\Install.sig
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\media.sql
c:\a\payloads\AdobeWinSoftLinguisticsPluginAll_x64\Media_db.db
c:\a\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.boot.xml
c:\a\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.proxy.xml
c:\a\payloads\AdobeXMPPanelsAll\Assets2_1.sig
c:\a\payloads\AdobeXMPPanelsAll\Assets2_1.zip
c:\a\payloads\AdobeXMPPanelsAll\Install.db
c:\a\payloads\AdobeXMPPanelsAll\Install.sig
c:\a\payloads\AdobeXMPPanelsAll\media.sql
c:\a\payloads\AdobeXMPPanelsAll\Media_db.db
c:\a\payloads\Media_db.db
c:\a\payloads\Media_db.sig
c:\a\payloads\Microsoft VC 2005 Redist (x64)\media.sql
c:\a\payloads\Microsoft VC 2005 Redist (x64)\Media_db.db
c:\a\payloads\Microsoft VC 2005 Redist (x64)\Microsoft VC 2005 Redist (x64).proxy.xml
c:\a\payloads\Microsoft VC 2005 Redist (x64)\vcredist_x64.EXE
c:\a\payloads\Microsoft VC 2005 Redist (x86)\media.sql
c:\a\payloads\Microsoft VC 2005 Redist (x86)\Media_db.db
c:\a\payloads\Microsoft VC 2005 Redist (x86)\Microsoft VC 2005 Redist (x86).proxy.xml
c:\a\payloads\Microsoft VC 2005 Redist (x86)\vcredist_x86.exe
c:\a\payloads\Microsoft VC 2008 Redist (x64)\media.sql
c:\a\payloads\Microsoft VC 2008 Redist (x64)\Media_db.db
c:\a\payloads\Microsoft VC 2008 Redist (x64)\Microsoft VC 2008 Redist (x64).proxy.xml
c:\a\payloads\Microsoft VC 2008 Redist (x64)\vcredist_x64.exe
c:\a\payloads\Microsoft VC 2008 Redist (x86)\media.sql
c:\a\payloads\Microsoft VC 2008 Redist (x86)\Media_db.db
c:\a\payloads\Microsoft VC 2008 Redist (x86)\Microsoft VC 2008 Redist (x86).proxy.xml
c:\a\payloads\Microsoft VC 2008 Redist (x86)\vcredist_x86.exe
c:\a\payloads\Microsoft VC 2010 Redist (x64)\media.sql
c:\a\payloads\Microsoft VC 2010 Redist (x64)\Media_db.db
c:\a\payloads\Microsoft VC 2010 Redist (x64)\Microsoft VC 2010 Redist (x64).proxy.xml
c:\a\payloads\Microsoft VC 2010 Redist (x64)\vcredist_x64.exe
c:\a\payloads\Microsoft VC 2010 Redist (x86)\media.sql
c:\a\payloads\Microsoft VC 2010 Redist (x86)\Media_db.db
c:\a\payloads\Microsoft VC 2010 Redist (x86)\Microsoft VC 2010 Redist (x86).proxy.xml
c:\a\payloads\Microsoft VC 2010 Redist (x86)\vcredist_x86.exe
c:\a\payloads\Microsoft_VC80_CRT_x86\media.sql
c:\a\payloads\Microsoft_VC80_CRT_x86\Media_db.db
c:\a\payloads\Microsoft_VC80_CRT_x86\Microsoft_VC80_CRT_x86.msi
c:\a\payloads\Microsoft_VC80_CRT_x86\Microsoft_VC80_CRT_x86.proxy.xml
c:\a\payloads\Microsoft_VC90_CRT_x86\media.sql
c:\a\payloads\Microsoft_VC90_CRT_x86\Media_db.db
c:\a\payloads\Microsoft_VC90_CRT_x86\Microsoft_VC90_CRT_x86.msi
c:\a\payloads\Microsoft_VC90_CRT_x86\Microsoft_VC90_CRT_x86.proxy.xml
c:\a\payloads\setup.xml
c:\a\payloads\SwitchBoard2.0All\Assets1_1.zip
c:\a\payloads\SwitchBoard2.0All\Assets2_1.zip
c:\a\payloads\SwitchBoard2.0All\Install.db
c:\a\payloads\SwitchBoard2.0All\media.sql
c:\a\payloads\SwitchBoard2.0All\Media_db.db
c:\a\payloads\SwitchBoard2.0All\SwitchBoard2.0All.boot.xml
c:\a\payloads\SwitchBoard2.0All\SwitchBoard2.0All.proxy.xml
c:\a\resources\AdobePIM.dll
c:\a\resources\Dictionary\cs_CZ\stringTable.zdct
c:\a\resources\Dictionary\da_DK\stringTable.zdct
c:\a\resources\Dictionary\de_DE\stringTable.zdct
c:\a\resources\Dictionary\en_AE\stringTable.zdct
c:\a\resources\Dictionary\en_GB\stringTable.zdct
c:\a\resources\Dictionary\en_IL\stringTable.zdct
c:\a\resources\Dictionary\en_US\stringTable.zdct
c:\a\resources\Dictionary\en_XM\stringTable.zdct
c:\a\resources\Dictionary\es_ES\stringTable.zdct
c:\a\resources\Dictionary\es_LA\stringTable.zdct
c:\a\resources\Dictionary\es_MX\stringTable.zdct
c:\a\resources\Dictionary\es_NA\stringTable.zdct
c:\a\resources\Dictionary\fi_FI\stringTable.zdct
c:\a\resources\Dictionary\fr_CA\stringTable.zdct
c:\a\resources\Dictionary\fr_FR\stringTable.zdct
c:\a\resources\Dictionary\fr_MA\stringTable.zdct
c:\a\resources\Dictionary\fr_XM\stringTable.zdct
c:\a\resources\Dictionary\hu_HU\stringTable.zdct
c:\a\resources\Dictionary\it_IT\stringTable.zdct
c:\a\resources\Dictionary\ja_JP\stringTable.zdct
c:\a\resources\Dictionary\ko_KR\stringTable.zdct
c:\a\resources\Dictionary\nb_NO\stringTable.zdct
c:\a\resources\Dictionary\nl_NL\stringTable.zdct
c:\a\resources\Dictionary\pl_PL\stringTable.zdct
c:\a\resources\Dictionary\pt_BR\stringTable.zdct
c:\a\resources\Dictionary\ru_RU\stringTable.zdct
c:\a\resources\Dictionary\sv_SE\stringTable.zdct
c:\a\resources\Dictionary\tr_TR\stringTable.zdct
c:\a\resources\Dictionary\uk_UA\stringTable.zdct
c:\a\resources\Dictionary\zh_CN\stringTable.zdct
c:\a\resources\Dictionary\zh_TW\stringTable.zdct
c:\a\resources\setup.xml
c:\a\resources\updaterinventory.dll
c:\a\Set-up.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 11:06 . 2012-06-01 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 07:43 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF8F6ADC-7B99-49F8-BB14-A948EE6EC33F}\mpengine.dll
2012-05-29 15:47 . 2010-04-19 15:04 12032 ----a-w- c:\windows\system32\drivers\dadder.sys
2012-05-29 15:47 . 2012-05-29 15:47 -------- d-----w- c:\users\kubais\AppData\Roaming\InstallShield
2012-05-29 12:11 . 2012-05-29 12:11 -------- d-----w- c:\programdata\RELOADED
2012-05-28 05:56 . 2012-05-29 05:31 -------- d-----w- c:\windows\SysWow64\NV
2012-05-28 05:56 . 2012-05-29 05:31 -------- d-----w- c:\windows\system32\NV
2012-05-24 16:54 . 2012-05-24 16:56 -------- d-----w- c:\users\kubais\AppData\Local\SniperV2
2012-05-23 05:36 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-22 16:32 . 2012-05-22 18:03 -------- d-----w- c:\users\kubais\AppData\Local\Ubisoft Game Launcher
2012-05-22 15:51 . 2012-05-22 15:51 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-22 15:51 . 2012-05-22 15:51 -------- d-----w- c:\programdata\Apple Computer
2012-05-22 15:51 . 2012-05-22 15:51 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-18 16:39 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-18 16:39 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-18 16:39 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-18 16:39 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-18 16:39 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-18 16:39 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-18 16:39 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-18 16:39 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-18 09:16 . 2012-05-18 09:16 -------- d-----w- c:\program files (x86)\Geeks3D
2012-05-18 08:57 . 2012-05-18 13:01 -------- d-----w- c:\users\kubais\AppData\Local\ElevatedDiagnostics
2012-05-16 17:33 . 2012-05-16 17:33 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-16 17:33 . 2012-05-16 17:33 -------- d-----w- c:\windows\system32\Wat
2012-05-16 14:45 . 2012-05-16 14:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-16 14:45 . 2012-05-16 14:45 -------- d-----r- c:\program files (x86)\Skype
2012-05-16 11:35 . 2011-09-29 09:30 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-16 11:35 . 2011-09-29 09:30 646248 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-05-16 11:35 . 2011-09-29 09:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-16 09:31 . 2012-05-16 09:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-15 15:46 . 2012-05-15 15:46 -------- d-----w- c:\program files (x86)\Marvell
2012-05-10 09:55 . 2012-05-10 09:55 -------- d-----w- c:\users\kubais\New folder
2012-05-09 08:19 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 08:19 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 08:19 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 08:19 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 08:19 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 08:19 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 08:19 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:19 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 08:19 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:19 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 08:18 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 08:18 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 08:18 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-06 08:34 . 2012-05-06 08:34 -------- d-----w- c:\users\kubais\AppData\Roaming\Paddy
2012-05-02 21:09 . 2012-05-02 21:09 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 11:07 . 2012-03-25 16:08 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-05-24 08:47 . 2012-03-12 11:02 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-18 10:56 . 2001-10-05 21:56 25640 ----a-w- c:\windows\gdrv.sys
2012-05-01 12:08 . 2011-11-29 15:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-27 08:31 . 2012-04-27 08:31 119808 ----a-r- c:\users\kubais\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2011-11-25 14:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 21:44 . 2012-03-19 21:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe
2012-03-19 21:44 . 2012-03-19 21:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-03-19 21:44 . 2012-03-19 21:44 439064 ----a-w- c:\windows\system32\igfxpers.exe
2012-03-19 21:44 . 2012-03-19 21:44 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-03-19 21:44 . 2012-03-19 21:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-03-19 21:44 . 2012-03-19 21:44 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-03-19 21:44 . 2012-03-19 21:44 184600 ----a-w- c:\windows\system32\difx64.exe
2012-03-19 21:42 . 2012-03-19 21:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll
2012-03-19 21:32 . 2012-03-19 21:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-03-19 21:31 . 2012-03-19 21:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll
2012-03-19 21:31 . 2012-03-19 21:31 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-03-19 21:26 . 2012-03-19 21:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-03-19 21:25 . 2012-03-19 21:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-03-19 21:22 . 2012-03-19 21:22 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-19 21:11 . 2012-03-19 21:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-03-19 20:31 . 2012-03-19 20:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll
2012-03-19 20:21 . 2012-03-19 20:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-03-19 20:18 . 2012-03-19 20:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-03-19 20:18 . 2012-03-19 20:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-03-19 20:18 . 2012-03-19 20:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-03-19 20:18 . 2012-03-19 20:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-03-19 20:18 . 2012-03-19 20:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-03-19 20:18 . 2012-03-19 20:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-03-19 20:18 . 2012-03-19 20:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-03-19 20:18 . 2012-03-19 20:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-03-19 20:18 . 2012-03-19 20:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-03-19 20:18 . 2012-03-19 20:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-03-19 20:18 . 2012-03-19 20:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-03-19 20:18 . 2012-03-19 20:18 386560 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-19 20:18 . 2012-03-19 20:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-03-19 20:17 . 2012-03-19 20:17 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-03-19 20:17 . 2012-03-19 20:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-19 20:17 . 2011-08-31 18:20 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-03-19 20:17 . 2012-03-19 20:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-03-19 20:17 . 2012-03-19 20:17 434688 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-19 20:17 . 2012-03-19 20:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-03-19 20:16 . 2012-03-19 20:16 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-03-19 20:16 . 2011-08-31 18:20 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-19 20:12 . 2012-03-19 20:12 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-03-19 20:11 . 2012-03-19 20:11 325120 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-03-18 18:32 . 2012-03-18 18:32 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-03-12 18:56 . 2012-03-12 18:56 947472 ----a-w- c:\windows\SysWow64\msjava.dll
2012-03-06 23:15 . 2001-10-05 22:09 258520 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"AIMP3"="c:\program files (x86)\AIMP3\AIMP3.exe" [2011-11-25 1510912]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-05-11 2536440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-05-18 5550792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"VirtualCloneDrive"="t:\progs\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"RemoteControl11"="t:\progs\PowerDVD11\PDVD11Serv.exe" [2011-09-14 230696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2011-11-26 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-08 2656536]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;t:\progs\Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/18 10:39];t:\progs\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 10:08 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-25 3246040]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;t:\progs\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;t:\progs\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;t:\progs\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136]
S2 ntk_PowerDVD;ntk_PowerDVD;t:\progs\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kubais\AppData\Local\Temp\tmp9108.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-25 16:14]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3144134840-3746970530-3815568789-1000Core.job
- c:\users\kubais\AppData\Local\Google\Update\GoogleUpdate.exe [2001-10-05 21:59]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3144134840-3746970530-3815568789-1000UA.job
- c:\users\kubais\AppData\Local\Google\Update\GoogleUpdate.exe [2001-10-05 21:59]
.
2012-05-27 c:\windows\Tasks\Intel_C_CVCV204603R6120BGN.job
- t:\progs\SSD toolbox\Intel SSD Toolbox.exe [2012-03-24 07:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-05-18 390736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 78.156.128.10 81.31.33.19
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kubais\AppData\Local\Temp\tmp9108.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\t:\progs\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.032"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.apd"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.arw"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bay"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cs1"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcx"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djv"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djvu"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.eps"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fff"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icn"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iw4"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2c"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2k"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jbr"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jif"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jp2"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpc"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpk"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpx"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kdc"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mef"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nrw"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbr"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspbrush"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspimage"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rw2"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rwl"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sr2"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srw"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.thm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbmp"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xif"
.
[HKEY_USERS\S-1-5-21-3144134840-3746970530-3815568789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2012-06-01 13:08:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 11:08
.
Pre-Run: 72,042,131,456 bytes free
Post-Run: 71,242,932,224 bytes free
.
- - End Of File - - 7685CE5698E73B1488611763B9D0CFEE
  • 0
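An added triage example for logs like the one posted above (written for this page; it is not ComboFix's code and not part of the thread). It reads ComboFix-shaped lines and flags three things a helper looks at first: the UAC policy values (the log above shows EnableLUA = 0), services or drivers whose binary sits in a Temp folder (the log above lists WinRing0_1_2_0 with an ImagePath under AppData\Local\Temp), and DHCP name servers that are not in a reviewer-supplied list of expected resolvers, which is the check that matters for a DNS-changing infection. The sample lines are copied from the log above; the expected-resolver set and the 192.0.2.1 placeholder are assumptions, and every flagged item is something to verify, not a verdict.

```python
"""Triage a ComboFix-style log for a few settings a reviewer checks first.

Added example for this thread; not ComboFix's code. It flags lines for a human
to verify, it does not decide that anything is malicious.
"""
import re
from typing import Dict, List, Set

# Constructed sample: lines copied in the shape of the log posted above
# (policy values, two service lines, the DHCP name-server line, one ImagePath).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kubais\AppData\Local\Temp\tmp9108.tmp [x]
.
TCP: DhcpNameServer = 78.156.128.10 81.31.33.19
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\kubais\AppData\Local\Temp\tmp9108.tmp"
"""

# "Name"= 0 (0x0)  or  "Name"=0x1  (the two spellings ComboFix uses above)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>0x[0-9a-fA-F]+|\d+)')
# R2 name;display;path [date size]   or   S3 name;display;path [x]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)(?:\s+\[[^\]]*\])?$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')
DNS_RE = re.compile(r'^TCP:\s+DhcpNameServer\s*=\s*(?P<servers>.+)$')
# A service or driver binary living in a Temp folder is unusual and worth confirming.
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def _to_int(text: str) -> int:
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def _finding(kind: str, line: str, why: str) -> Dict[str, str]:
    return {"kind": kind, "line": line, "why": why}


def triage(log_text: str, expected_dns: Set[str]) -> List[Dict[str, str]]:
    """Return one finding per log line that deserves a second look.

    expected_dns is supplied by the reviewer (assumption: the ISP or router
    resolvers the user recognises); any other resolver is reported for
    verification, which is the relevant check for a DNS-changing infection.
    """
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.lower()          # remember which registry key we are in
            continue
        m = POLICY_RE.match(line)
        if m and section.endswith(r"policies\system]"):
            name, value = m["name"], _to_int(m["value"])
            if name == "EnableLUA" and value == 0:
                findings.append(_finding("uac_disabled", line,
                                         "UAC is off: an admin user's processes run fully elevated"))
            elif name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(_finding("elevate_without_prompt", line,
                                         "admins elevate silently, with no consent prompt"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m["path"]):
                findings.append(_finding("temp_path", line,
                                         f"service/driver {m['name']} loads from a Temp folder"))
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m["path"]):
                findings.append(_finding("temp_path", line, "ImagePath points into a Temp folder"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m["servers"].split():
                if server not in expected_dns:
                    findings.append(_finding("unexpected_dns", line,
                                             f"resolver {server} is not in the expected list; "
                                             "confirm it against the ISP/router settings"))
    return findings


if __name__ == "__main__":
    # Constructed placeholder list: 192.0.2.1 is a documentation address, not a real resolver.
    for f in triage(SAMPLE_LOG, expected_dns={"192.0.2.1"}):
        print(f"[{f['kind']}] {f['why']}\n    {f['line']}")
```

Run against the sample with the two resolvers from the log in the expected set, the script reports only the UAC settings and the two WinRing0_1_2_0 lines; with a different expected set it also lists both resolvers for verification. Whether a flagged resolver or driver is legitimate is then a question for the user (which ISP, which hardware tool installed the driver), not for the script.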

#6
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and more functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common ways to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
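The MVPS Hosts file item above relies on how the operating system resolves names: before asking DNS, the resolver consults the local hosts file, and a line mapping a hostname to 0.0.0.0 or 127.0.0.1 makes connections to that name go nowhere. The following script is an added example, not code from this thread or from the MVPS project; it parses hosts-file lines the way the resolver treats them (comments, first match wins, case-insensitive exact hostname match) and reports which names a given list sinkholes. The entries in SAMPLE_HOSTS and the `load_hosts` helper are constructed for the example; the Windows path in the comment is the standard location, but no real blocklist is fetched.

```python
"""Check which hostnames a blocking-style HOSTS file would sinkhole.

Added example for this thread, not MVPS or Geeks to Go code.  All sample
entries below are constructed; they are not copied from any real list.
"""
import ipaddress

# Constructed sample in the style of an ad/malware-blocking hosts file.
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored
127.0.0.1 localhost
::1       localhost
0.0.0.0 ads.example-tracker.test        # trailing comments are ignored
0.0.0.0 malware.example.test  www.malware.example.test
0.0.0.0\tTYPO.Example.TEST
this line is not a valid entry
"""

# Addresses a blocklist uses to make a name unreachable.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Names that legitimately map to loopback and are not blocks.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return {hostname (lower-case): ip} for every well-formed entry.

    Like the system resolver: '#' starts a comment, fields are whitespace
    separated, the first field must be an IP address, and when a hostname
    appears on more than one line the first line wins.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry; the resolver skips it too
        for name in fields[1:]:
            table.setdefault(name.lower(), str(ip))
    return table


def load_hosts(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Parse a hosts file from disk (default: the standard Windows path)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


def is_blocked(hostname, table):
    """True if the resolver would answer with a sinkhole address.

    Matching is exact and case-insensitive; a sub-domain that is not
    listed is NOT blocked, which is the main limitation of hosts files.
    """
    name = hostname.lower().rstrip(".")
    if name in LOCAL_NAMES:
        return False
    return table.get(name) in SINKHOLE_ADDRESSES


def blocked_names(table):
    """Sorted list of every hostname the table sinkholes."""
    return sorted(
        name for name, ip in table.items()
        if ip in SINKHOLE_ADDRESSES and name not in LOCAL_NAMES
    )


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ADS.example-tracker.test", "cdn.ads.example-tracker.test"):
        print(f"{name}: {'blocked' if is_blocked(name, hosts) else 'not blocked'}")
    print("sinkholed:", blocked_names(hosts))
```

Running it against the sample shows the two points worth knowing before relying on a hosts file: the listed name is blocked regardless of letter case or a trailing dot, but an unlisted sub-domain such as cdn.ads.example-tracker.test resolves normally, so the list only helps for the exact names it contains.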

#7
kybe

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thank you once again. Everything seems to be ok now, but just before I uninstalled combofix, I had a really hard time with my computer. A few hours after running combofix my computer started freezing dead with a looping sound in any 3D game (only a hard reset helped). I was trying everything, even rolling the system back to before combofix, but the problem disappeared after uninstalling combofix. Sounds weird, I know, just reporting for future generations ;)