Trojan Cockroaches [Solved]


  • This topic is locked

#1
[email protected]

  • Member
  • 25 posts

TR/ATRAPS.gen2

TR/Sirefef.AG.35

TR/Small.FI

In this case "3 riders of apocalypse" ^^

Nah, I'm joking, it's not that catastrophic, just trying to relax everyone looking @ my post...

So my story begins this afternoon, around idk ... 17pm? Not really sure...

Since I'm kind of a semi-geek (at least), I tried everything in the last 6 hrs to remove these suckers.

But it seems I'm not geek enough, so that's why I came here ^^

Anyhow, I'll be short.

I infected my computer by clicking on some guy's signature, which led me to some site of "new signature creators" or something like that (I don't really want to re-visit the site lol)

1. Tried a few kinds of "Trojan removing software", which obviously did not work.

2. First problem was the error while installing Trojan Remover: "Internal error: Failed to expand shell folder constant "userdocs"", so I could not install Trojan Remover 6.8.2.2598

3. The solution on the Microsoft site with the registry didn't work. That was to remove the "recent" file in the registry from the "user" folder. That is as I remember it, I'm sorry if I need to be more descriptive than that.

4. List of programs I used today:

CCleaner 3.1.9

Spybot - Search & Destroy 1.6.2

CWShredder 2.19 - Popular name - CoolWebSearch

TDSS rootkit

Remove Fake Antivirus 1.68


And the pop-up window from AntiVira just won't go away...

With all the restarting, safe modes and all, I am getting sick of this...


And I have to add, I installed a "new" antivirus a few days ago and I think that is also the prob, since it does not have the firewall (at least I think so, since in options it says "not installed" by the firewall settings), so I had to turn on the Microsoft one... Did not have the time to install another one the last few days. Also have Spybot S&D 1.6.2.


I really need your help.

Thanks in advance. :-)



Oh, and an OTL log file:

OTL logfile created on: 6/1/2012 22:35:28 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.54% Memory free
6.17 Gb Paging File | 5.03 Gb Available in Paging File | 81.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 51.11 Gb Free Space | 65.42% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 24.35 Gb Free Space | 31.16% Space Free | Partition Type: NTFS

Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 22:35:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/05/28 21:32:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/28 21:32:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/05/28 21:32:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/05/28 21:32:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/28 21:32:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/28 21:32:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/28 08:45:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2011/07/12 16:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/05/26 12:35:32 | 002,528,584 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/05/07 14:58:24 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/23 16:50:00 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/01/07 12:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 12:17:46 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/07/22 19:03:50 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 20:16:12 | 001,454,080 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/06 00:53:16 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 09:59:22 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/01 21:58:06 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
MOD - [2010/06/22 14:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/25 13:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008/07/18 15:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/05/28 21:32:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/28 21:32:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/05/28 21:32:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/05/28 21:32:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/06 00:53:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/13 01:04:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/12/31 22:03:43 | 000,542,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/02 14:32:28 | 000,560,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 11:46:13 | 000,127,488 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2006/11/02 11:46:12 | 000,105,984 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2006/11/02 11:46:05 | 000,065,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aszfy54y)
DRV - [2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/28 21:32:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/08/31 21:32:21 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/08/19 12:47:46 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/19 12:47:46 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/09 18:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/14 10:50:56 | 000,054,400 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/05/12 12:12:34 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/03/19 15:07:32 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/03/12 12:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/03/05 12:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/02/19 17:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/12/15 13:17:50 | 000,074,752 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/06 18:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2008/08/28 12:30:03 | 000,033,792 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/19 12:58:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/19 12:58:00 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/15 17:38:36 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 10:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/11 20:23:12 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/04/29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006/11/02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 11:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 10:51:11 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2006/11/02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 10:30:57 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2006/11/02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telekom.at/suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8-0B001966BCC8
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.28.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/19 05:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/28 08:46:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 09:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/02 17:47:07 | 000,000,000 | ---D | M]

[2010/08/11 01:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/05/22 03:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions
[2012/05/22 03:39:49 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010/08/24 12:20:49 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/05/16 12:12:55 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\searchplugins\askcom.xml
[2010/10/19 21:28:08 | 000,000,927 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\searchplugins\conduit.xml
[2012/01/04 01:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/16 20:26:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/04 23:22:21 | 000,096,925 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{C6F77964-B0B5-4953-A144-93051184EC0C}.XPI
[2012/01/07 17:50:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/07 17:53:28 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/05/12 02:28:14 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/04/25 09:59:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/24 06:40:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 06:40:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing ()
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}

O1 HOSTS File: ([2012/06/01 19:44:42 | 000,442,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15216 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BFBBB70-818E-45B1-865E-D6BE456B4D01}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B35CA7A-EA94-4ED9-808E-4688E6AFFC07}: NameServer = 195.34.133.21,212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8198C355-A851-4B3E-A49A-FFC2AD11C705}: DhcpNameServer = 212.62.32.1 212.62.32.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/27 14:08:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\Shell\Auto\command - "" = H:\RavMonE.exe e
O33 - MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\RavMonE.exe e
O33 - MountPoints2\{37cb3853-1129-11df-aeed-00218554d1d2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{3ba64ff5-6118-11df-92d2-00218554d1d2}\Shell\Option1\Command - "" = H:\HBCD\Wintools\HBCDMenu.exe
O33 - MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe
O33 - MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe
O33 - MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{435c06a8-0910-11de-9341-97caaa212a33}\Shell - "" = AutoRun
O33 - MountPoints2\{435c06a8-0910-11de-9341-97caaa212a33}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5f37cc4a-421a-11de-add8-86b36394e336}\Shell - "" = AutoRun
O33 - MountPoints2\{5f37cc4a-421a-11de-add8-86b36394e336}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{cda85029-d78b-11dd-b70a-deeea542ad32}\Shell - "" = AutoRun
O33 - MountPoints2\{cda85029-d78b-11dd-b70a-deeea542ad32}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/01 22:35:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/01 22:33:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 18:56:26 | 003,879,712 | ---- | C] (AVG Technologies) -- C:\Users\Administrator\Desktop\avg_free_stb_all_2012_2178_cnet.exe
[2012/06/01 18:28:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\ZoneAlarm Free Antivirus + Firewall 2013 By York Mw
[2012/06/01 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/01 18:22:04 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\Administrator\Desktop\ccsetup319.exe
[2012/05/26 00:02:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2012/05/25 23:50:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\{3ab03e36-9577-44eb-b9ac-aa3aef5780bf}
[2012/05/25 23:49:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/05/25 23:49:42 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/25 23:49:42 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/05/25 23:49:42 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/05/25 23:49:41 | 000,112,032 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/05/25 23:49:41 | 000,091,968 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/05/25 23:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/22 03:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Damfon
[2012/05/19 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\O
[2012/05/19 01:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lua-5.2.0
[2012/05/05 18:31:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Youtube
[2012/05/04 15:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/05/04 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/03/30 20:46:27 | 113,505,840 | ---- | C] (Macromedia ) -- C:\Users\Administrator\AppData\Local\flash8es.exe
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/01 22:35:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/01 22:33:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 22:27:26 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/01 22:27:26 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/01 22:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/01 22:27:09 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 22:27:09 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 21:07:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 20:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/01 19:51:53 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/01 19:51:53 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/01 19:47:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 19:44:42 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/01 19:33:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/01 18:58:39 | 074,761,776 | ---- | M] () -- C:\Users\Administrator\Desktop\avast_free_antivirus_setup.exe
[2012/06/01 18:56:29 | 003,879,712 | ---- | M] (AVG Technologies) -- C:\Users\Administrator\Desktop\avg_free_stb_all_2012_2178_cnet.exe
[2012/06/01 18:46:00 | 004,679,672 | ---- | M] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:27 | 000,025,549 | ---- | M] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:49 | 000,273,692 | ---- | M] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 18:22:06 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\Administrator\Desktop\ccsetup319.exe
[2012/06/01 15:52:22 | 000,165,467 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | M] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:55 | 000,015,942 | ---- | M] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | M] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:12 | 000,180,569 | ---- | M] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/30 18:09:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/29 04:04:51 | 000,000,084 | ---- | M] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/28 21:32:20 | 000,112,032 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/05/28 21:32:20 | 000,091,968 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/05/28 21:32:20 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/05/22 03:14:00 | 000,162,304 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/19 01:05:41 | 000,246,377 | ---- | M] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2012/05/16 12:13:52 | 000,000,070 | ---- | M] () -- C:\Users\Administrator\Desktop\O-Minds FlashFirebug, a Firefox extension that allows you to debug Flash or Flex SWF files on the web.URL
[2012/05/13 12:26:39 | 000,000,117 | ---- | M] () -- C:\Users\Administrator\Desktop\Microsoft Windows 7 SP1 AIO Integrated April 2012 - Demonoid.URL
[2012/05/10 01:40:18 | 000,000,104 | ---- | M] () -- C:\Users\Administrator\Desktop\Accessing a website blocked by Avira Web Protection.URL
[2012/05/08 05:10:06 | 000,000,083 | ---- | M] () -- C:\Users\Administrator\Desktop\Honey, I Shrunk the Kids. - YouTube.URL
[2012/05/06 00:52:36 | 000,000,084 | ---- | M] () -- C:\Users\Administrator\Desktop\Dreamer - Inspired By A True Story - YouTube.URL
[2012/05/06 00:52:30 | 000,000,084 | ---- | M] () -- C:\Users\Administrator\Desktop\Finding A Family 2011 - YouTube.URL
[2012/05/03 09:43:48 | 000,211,984 | ---- | M] () -- C:\Users\Administrator\Desktop\Blue Screen Error 2-2.jpg
[2012/05/03 09:42:55 | 000,212,726 | ---- | M] () -- C:\Users\Administrator\Desktop\Blue Screen Error.jpg
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/01 18:57:58 | 074,761,776 | ---- | C] () -- C:\Users\Administrator\Desktop\avast_free_antivirus_setup.exe
[2012/06/01 18:46:00 | 004,679,672 | ---- | C] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:26 | 000,025,549 | ---- | C] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:43 | 000,273,692 | ---- | C] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:21 | 000,165,467 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | C] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:54 | 000,015,942 | ---- | C] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | C] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:11 | 000,180,569 | ---- | C] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | C] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/19 01:05:41 | 000,246,377 | ---- | C] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2012/05/16 12:13:52 | 000,000,070 | ---- | C] () -- C:\Users\Administrator\Desktop\O-Minds FlashFirebug, a Firefox extension that allows you to debug Flash or Flex SWF files on the web.URL
[2012/05/13 12:26:39 | 000,000,117 | ---- | C] () -- C:\Users\Administrator\Desktop\Microsoft Windows 7 SP1 AIO Integrated April 2012 - Demonoid.URL
[2012/05/10 01:40:18 | 000,000,104 | ---- | C] () -- C:\Users\Administrator\Desktop\Accessing a website blocked by Avira Web Protection.URL
[2012/05/08 05:10:06 | 000,000,083 | ---- | C] () -- C:\Users\Administrator\Desktop\Honey, I Shrunk the Kids. - YouTube.URL
[2012/05/06 00:52:36 | 000,000,084 | ---- | C] () -- C:\Users\Administrator\Desktop\Dreamer - Inspired By A True Story - YouTube.URL
[2012/05/06 00:52:30 | 000,000,084 | ---- | C] () -- C:\Users\Administrator\Desktop\Finding A Family 2011 - YouTube.URL
[2012/05/03 09:43:47 | 000,211,984 | ---- | C] () -- C:\Users\Administrator\Desktop\Blue Screen Error 2-2.jpg
[2012/05/03 09:42:55 | 000,212,726 | ---- | C] () -- C:\Users\Administrator\Desktop\Blue Screen Error.jpg
[2011/12/29 00:48:52 | 000,002,443 | ---- | C] () -- C:\Windows\MDVDP.Ini
[2011/11/02 00:26:35 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2011/05/14 21:35:05 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/13 21:19:16 | 000,000,477 | ---- | C] () -- C:\Windows\hegames.ini
[2011/04/06 03:03:58 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/06 03:03:58 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/06 03:03:58 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/06 03:03:58 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/06 03:03:58 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/06 01:08:57 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/04/06 01:08:57 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/04/06 01:08:56 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/01/10 22:00:33 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocfg.exe
[2010/12/24 19:37:18 | 000,000,120 | ---- | C] () -- C:\Windows\System32\enbconvertor.ini
[2010/11/13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Administrator\AppData\Local\toolbar3.bmp
[2010/11/12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral3.bmp
[2010/11/12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral1.bmp
[2010/11/12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral2.bmp
[2010/10/21 22:36:20 | 000,203,264 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GetToolbar.exe
[2010/09/08 20:10:27 | 000,158,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/05 03:19:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/08/11 01:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2011/03/25 00:49:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.ProjectViewer
[2011/10/30 12:26:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\COWON
[2012/06/01 19:38:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/09/19 05:43:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Datalayer
[2011/11/01 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Duyly
[2011/03/30 20:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2008/12/31 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010/11/15 03:04:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
[2011/02/06 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade
[2011/07/04 01:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade Warband
[2010/12/02 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mquadr.at
[2010/09/19 13:33:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2010/09/19 13:33:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011/07/31 05:17:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDF Software
[2011/12/12 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PFStaticIP
[2011/09/08 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Qokut
[2010/04/07 02:31:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RadLight Company
[2012/02/20 04:23:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RapidTyping
[2011/02/10 02:11:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ROCCAT
[2011/05/01 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rovio
[2012/03/04 20:04:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\runic games
[2011/11/12 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Smart PDF Creator Pro
[2011/04/20 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2011/09/10 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2011/07/31 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian
[2011/10/10 02:07:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2010/04/11 02:20:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VistaCodecs
[2012/06/01 19:33:21 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/12 12:41:36 | 000,000,000 | ---D | M](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK
[2012/03/12 12:31:06 | 000,000,000 | ---D | C](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK

< End of report >

#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello [email protected] and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
[email protected]

    Member

  • Topic Starter
  • 25 posts
Hello WhiteHat and welcome to my humble post. ^^

I must say I tried to fix something already, so if you need another log, please say so, I will post another.

I am waiting for your review.

Take your time, I will be patient now, since you are here. :happy:

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the programs below:
  • Ask Toolbar
  • Softonic Toolbar
  • Conduit Engine
# Step 2 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aszfy54y)
    IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2431245
    IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8-0B001966BCC8
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2431245
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...8-0B001966BCC8
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2431245
    FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl:  "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
    [2012/05/22 03:39:49 | 000,000,000 | ---D | M] (ST-de3 Community  Toolbar) --  C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
    [2011/11/17 20:25:44 | 000,002,333 | ---- | M] () --  C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\searchplugins\askcom.xml
    [2010/10/19 21:28:08 | 000,000,927 | ---- | M] () --  C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\searchplugins\conduit.xml
    O2 - BHO: (softonic-de3 Toolbar) -  {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program  Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) -  {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program  Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) -  {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program  Files\softonic-de3\prxtbsof1.dll (Conduit Ltd.)
    O33 - MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\Shell\Auto\command - "" = H:\RavMonE.exe e
    O33 -  MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\Shell\AutoRun\command  - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL  H:\RavMonE.exe e
    O33 -  MountPoints2\{37cb3853-1129-11df-aeed-00218554d1d2}\Shell\AutoRun\command  - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL  RuNdLl32.EXE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 -  MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\Shell\AutoRun\command  - "" =  H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe
    O33 -  MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\Shell\open\command -  "" =  H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe
    O33 - MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{435c06a8-0910-11de-9341-97caaa212a33}\Shell - "" = AutoRun
    O33 - MountPoints2\{435c06a8-0910-11de-9341-97caaa212a33}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{5f37cc4a-421a-11de-add8-86b36394e336}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f37cc4a-421a-11de-add8-86b36394e336}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{cda85029-d78b-11dd-b70a-deeea542ad32}\Shell - "" = AutoRun
    O33 - MountPoints2\{cda85029-d78b-11dd-b70a-deeea542ad32}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    [2011/03/30 20:46:27 | 113,505,840 | ---- | C] (Macromedia ) -- C:\Users\Administrator\AppData\Local\flash8es.exe
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 3 #

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

The report has the following format: MBRCheck_Date_Time.
For example: MBRCheck_05.13.12_22.35.11


# Step 4 #

Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

# Step 5 #

  • Run OTL
  • Copy the lines in red
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
  • Go back to the program and paste the text from the CodeBox into the text box "Custom Scan / Fixes"
  • Select the option All Users
  • Click the Quick Scan button
  • The examination takes a while, be patient.
  • Copy the entire contents of the log OTL.txt and post in your next reply


# Step 6 #

I want to see these logs in your next reply:
  • OTL Fix result
  • MBRCheck log.
  • Farbar Service Scanner log.
  • OTL.txt log.

  • 0
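The O33 lines in the fix script above are per-volume AutoRun handlers recorded under MountPoints2. As an added example (not part of the original post, and not OTL's own logic), this Python script parses such lines and flags the command strings a reviewer would look at first; the function names, flag names and heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# O33 lines copied from the fix script in the post above, whitespace as extracted.
SAMPLE = r'''
O33 - MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\Shell\Auto\command - "" = H:\RavMonE.exe e
O33 -  MountPoints2\{37cb3853-1129-11df-aeed-00218554d1d2}\Shell\AutoRun\command  - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL  RuNdLl32.EXE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 -  MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\Shell\open\command -  "" =  H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe
O33 - MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe
'''

# One O33 line: volume GUID, subkey below it, and the default value of that subkey.
O33_RE = re.compile(
    r'^O33\s*-\s*MountPoints2\\(?P<guid>\{[0-9a-fA-F-]{36}\})\\(?P<subkey>\S+)'
    r'\s*-\s*""\s*=\s*(?P<value>.+)$'
)

# An executable sitting directly in the root of a drive, e.g. H:\AutoRun.exe
DRIVE_ROOT_EXE = re.compile(r'^[a-z]:\\[^\\]+\.exe\b')


def parse_o33(text):
    """Return (guid, subkey, value) tuples for every O33 MountPoints2 line."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r'\s+', ' ', raw).strip()  # collapse extraction whitespace
        m = O33_RE.match(line)
        if m:
            entries.append((m['guid'].lower(), m['subkey'], m['value'].strip()))
    return entries


def classify(subkey, value, system_drive='c:'):
    """Return the heuristic flags (assumed names) raised by one entry."""
    flags = set()
    low = value.lower()
    if subkey.lower() == 'shell':
        # Default value of the Shell key names the verb run on double-click.
        if low == 'autorun':
            flags.add('default-verb-autorun')
        return flags
    if '\\recycler\\' in low:
        flags.add('recycler-path')          # payload kept in a recycle-bin folder
    if 'rundll32' in low:
        flags.add('rundll32-indirection')   # launched through rundll32
    if DRIVE_ROOT_EXE.match(low) and not low.startswith(system_drive.lower()):
        flags.add('drive-root-exe')         # executable in the root of another drive
    return flags


def triage(text, system_drive='c:'):
    """Map each volume GUID to the sorted list of flags raised by its entries."""
    report = defaultdict(set)
    for guid, subkey, value in parse_o33(text):
        report[guid] |= classify(subkey, value, system_drive)
    return {guid: sorted(flags) for guid, flags in report.items()}


if __name__ == '__main__':
    for guid, flags in triage(SAMPLE).items():
        print(guid, ', '.join(flags) or 'no flags')
```
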

#5
[email protected]


    Member

  • Topic Starter
  • 25 posts
Hello there :happy:

Step #5

2nd line "copy the lines in red" is a little confusing.

There are no "lines in red"... or anything red, there's only gray and 2 words in purple...

So I will copy all in the box there because I do not have time now to wait for your answer, must get out soon, already running late.


Also, you did not write the step (between 2. 3. and/or 4.) to click in the OTL the "fix" button with the lines I copy. I hope that is not necessary.

Log files follow:

OTL Fix result


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named aszfy54y was found to stop!
Service\Driver key aszfy54y not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\prxtbsof1.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\prxtbsof1.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: [email protected]:3.2.5.2 removed from extensions.enabledItems
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\Plugins folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\searchplugins\askcom.xml moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\prxtbsof1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\prxtbsof1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof1.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b288a56-83fb-11de-a51d-00218554d1d2}\ not found.
File H:\RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b288a56-83fb-11de-a51d-00218554d1d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b288a56-83fb-11de-a51d-00218554d1d2}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\RavMonE.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37cb3853-1129-11df-aeed-00218554d1d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37cb3853-1129-11df-aeed-00218554d1d2}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42de6d65-1ec6-11de-905d-806e6f6e6963}\ not found.
File H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42de6d65-1ec6-11de-905d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42de6d65-1ec6-11de-905d-806e6f6e6963}\ not found.
File H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\RemovableDriveHelper.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435c0664-0910-11de-9341-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{435c0664-0910-11de-9341-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435c0664-0910-11de-9341-806e6f6e6963}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{435c06a8-0910-11de-9341-97caaa212a33}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435c06a8-0910-11de-9341-97caaa212a33}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{435c06a8-0910-11de-9341-97caaa212a33}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435c06a8-0910-11de-9341-97caaa212a33}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f37cc4a-421a-11de-add8-86b36394e336}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f37cc4a-421a-11de-add8-86b36394e336}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f37cc4a-421a-11de-add8-86b36394e336}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f37cc4a-421a-11de-add8-86b36394e336}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda85029-d78b-11dd-b70a-deeea542ad32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cda85029-d78b-11dd-b70a-deeea542ad32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cda85029-d78b-11dd-b70a-deeea542ad32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cda85029-d78b-11dd-b70a-deeea542ad32}\ not found.
File H:\AutoRun.exe not found.
C:\Users\Administrator\AppData\Local\flash8es.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 6405331 bytes
->Temporary Internet Files folder emptied: 3077330 bytes
->Java cache emptied: 3686119 bytes
->FireFox cache emptied: 164980753 bytes
->Google Chrome cache emptied: 6439140 bytes
->Flash cache emptied: 1199 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 82128 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10766 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 176.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06062012_040940

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MBRCheck log.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Micro-Star International
System Product Name: MEGA BOOK EX720
Logical Drives Mask: 0x000001cc

Kernel Drivers (total 158):

Processes (total 69):
0 System Idle Process
4 System
528 C:\Windows\System32\smss.exe
604 csrss.exe
660 csrss.exe
668 C:\Windows\System32\wininit.exe
708 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
916 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\nvvsvc.exe
996 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\SLsvc.exe
1372 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\rundll32.exe
1568 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\dwm.exe
1776 C:\Windows\explorer.exe
1784 C:\Windows\System32\wlanext.exe
1912 C:\Windows\System32\taskeng.exe
1948 C:\Windows\System32\spoolsv.exe
1988 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2012 C:\Windows\System32\taskeng.exe
256 C:\Program Files\Google\Update\GoogleUpdate.exe
1724 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1860 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
984 C:\Windows\System32\svchost.exe
284 C:\Windows\System32\svchost.exe
1824 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1352 C:\Program Files\System Control Manager\MSIService.exe
2104 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
2208 C:\Windows\System32\svchost.exe
2272 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
2324 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2372 C:\Windows\System32\SearchIndexer.exe
2796 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2812 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
2824 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
3532 C:\Windows\System32\rundll32.exe
3584 C:\Program Files\System Control Manager\MGSysCtrl.exe
3600 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3640 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
3648 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
3700 C:\Windows\RtHDVCpl.exe
3816 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3824 C:\Windows\System32\wbem\unsecapp.exe
3836 C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
3896 WmiPrvSE.exe
3924 C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
4004 C:\Program Files\Real\RealPlayer\Update\realsched.exe
4032 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4052 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
4060 C:\Program Files\Windows Media Player\wmpnscfg.exe
4072 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
4080 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
612 C:\Program Files\Windows Media Player\wmpnetwk.exe
2616 C:\Program Files\Mozilla Firefox\firefox.exe
3672 C:\Program Files\Mozilla Firefox\plugin-container.exe
3804 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
2956 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
3468 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
4028 C:\Windows\System32\mobsync.exe
3212 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3268 C:\Users\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000013`8836ac00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 00000009

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Farbar Service Scanner log.


Farbar Service Scanner Version: 05-06-2012
Ran by Administrator (administrator) on 06-06-2012 at 04:16:54
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2006-11-02 10:56] - [2006-11-02 11:46] - 0204800 ____A (Microsoft Corporation) 17210D8064EC116A3FC6B5E45E577D43

C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2006-11-02 10:58] - [2006-11-02 10:58] - 0802816 ____A (Microsoft Corporation) D944522B048A5FEB7700B5170D3D9423

C:\Windows\system32\dnsrslvr.dll
[2006-11-02 10:46] - [2006-11-02 11:46] - 0083968 ____A (Microsoft Corporation) 7EF78529439683570884F9308A02EC11

C:\Windows\system32\mpssvc.dll
[2006-11-02 10:56] - [2006-11-02 11:46] - 0395264 ____A (Microsoft Corporation) 370248683BDF5FE36BD06C6416E6CE83

C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys
[2006-11-02 10:56] - [2006-11-02 10:56] - 0063488 ____A (Microsoft Corporation) 8D326E8B321685D4784AFA1C55169D73

C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit

ATTENTION!=====> C:\Windows\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2008-12-31 22:01] - [2008-12-31 22:01] - 1712984 ____A (Microsoft Corporation) 3EEC20E41F5F331B94002970CEAEC92F

C:\Windows\system32\qmgr.dll
[2006-11-02 10:40] - [2006-11-02 11:46] - 0749568 ____A (Microsoft Corporation) 733FB484A06B9D6A44DD9CA1D3BE937B

C:\Windows\system32\es.dll
[2006-11-02 10:51] - [2006-11-02 11:46] - 0259584 ____A (Microsoft Corporation) DFB250BAC1A9108ABD777EA181E32015

C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2006-11-02 10:50] - [2006-11-02 11:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F



**** End of log ****

OTL.txt log


OTL logfile created on: 6/6/2012 4:26:03 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.07% Memory free
6.17 Gb Paging File | 4.86 Gb Available in Paging File | 78.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 50.29 Gb Free Space | 64.37% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 10.63 Gb Free Space | 13.60% Space Free | Partition Type: NTFS

Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/02 01:29:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/05/28 21:32:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/28 21:32:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/05/28 21:32:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/05/28 21:32:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/28 21:32:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/28 21:32:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/28 08:45:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2011/07/12 16:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/05/26 12:35:32 | 002,528,584 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/05/07 14:58:24 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/01/23 16:50:00 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/01/07 12:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 12:17:46 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/07/22 19:03:50 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 04:14:37 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/06 04:14:37 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/02 00:09:03 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/02 00:09:03 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/05/06 00:53:16 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 09:59:22 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
MOD - [2010/06/22 14:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2008/08/25 13:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008/07/18 15:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/28 21:32:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/28 21:32:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/05/28 21:32:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/05/28 21:32:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/06 00:53:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/13 01:04:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/12/31 22:03:43 | 000,542,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/02 14:32:28 | 000,560,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 11:46:13 | 000,127,488 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2006/11/02 11:46:12 | 000,105,984 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2006/11/02 11:46:05 | 000,065,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aj32yx5g)
DRV - [2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/28 21:32:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/31 21:32:21 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/08/19 12:47:46 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/19 12:47:46 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/09 18:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/14 10:50:56 | 000,054,400 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/05/12 12:12:34 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/03/19 15:07:32 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/03/12 12:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/03/05 12:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/02/19 17:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/12/15 13:17:50 | 000,074,752 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/06 18:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2008/08/28 12:30:03 | 000,033,792 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/19 12:58:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/19 12:58:00 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/15 17:38:36 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 10:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/11 20:23:12 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/04/29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006/11/02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 11:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 10:51:11 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2006/11/02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 10:30:57 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2006/11/02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telekom.at/suche
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/19 05:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/28 08:46:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 09:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/02 17:47:07 | 000,000,000 | ---D | M]

[2010/08/11 01:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/06/06 04:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions
[2010/08/24 12:20:49 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/05/16 12:12:55 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/01/04 01:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/16 20:26:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/04 23:22:21 | 000,096,925 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{C6F77964-B0B5-4953-A144-93051184EC0C}.XPI
[2012/01/07 17:50:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/07 17:53:28 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/05/12 02:28:14 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/04/25 09:59:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/24 06:40:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 06:40:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing ()
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}

O1 HOSTS File: ([2012/06/01 19:44:42 | 000,442,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15216 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-2899288009-97569274-2756643056-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BFBBB70-818E-45B1-865E-D6BE456B4D01}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B35CA7A-EA94-4ED9-808E-4688E6AFFC07}: NameServer = 195.34.133.21,212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8198C355-A851-4B3E-A49A-FFC2AD11C705}: DhcpNameServer = 212.62.32.1 212.62.32.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/27 14:08:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ba64ff5-6118-11df-92d2-00218554d1d2}\Shell\Option1\Command - "" = H:\HBCD\Wintools\HBCDMenu.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/06 04:09:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/02 01:54:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/02 01:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/02 01:29:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/02 01:21:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2012/06/02 00:08:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/02 00:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/02 00:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/02 00:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/01 23:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/06/01 23:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/06/01 23:43:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/01 23:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/01 23:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/01 23:43:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/01 23:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/01 22:33:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/26 00:02:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2012/05/25 23:50:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\{3ab03e36-9577-44eb-b9ac-aa3aef5780bf}
[2012/05/25 23:49:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/05/25 23:49:42 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/25 23:49:42 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/05/25 23:49:42 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/05/25 23:49:41 | 000,112,032 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/05/25 23:49:41 | 000,091,968 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/05/25 23:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/22 03:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Damfon
[2012/05/19 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\O
[2012/05/19 01:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lua-5.2.0
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/06 04:16:48 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/06 04:16:48 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/06 04:16:23 | 000,338,059 | ---- | M] () -- C:\Users\Administrator\Desktop\FSS.exe
[2012/06/06 04:14:49 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2012/06/06 04:14:02 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/06 04:12:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 04:12:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 04:12:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/06 04:11:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/06 04:10:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/06 04:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/06 03:48:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/05 15:23:47 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/05 04:59:04 | 000,164,864 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/04 00:38:01 | 000,031,192 | ---- | M] () -- C:\Users\Administrator\Desktop\LOL sta znace ovi izrazi na nemackom ....htm
[2012/06/03 23:11:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/06/02 01:29:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/02 01:17:40 | 000,346,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/02 00:07:58 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/01 23:51:10 | 000,000,879 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2012/06/01 23:43:35 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 22:33:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 19:44:42 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/01 18:46:00 | 004,679,672 | ---- | M] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:27 | 000,025,549 | ---- | M] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:49 | 000,273,692 | ---- | M] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:22 | 000,165,467 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | M] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:55 | 000,015,942 | ---- | M] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | M] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:12 | 000,180,569 | ---- | M] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | M] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/28 21:32:20 | 000,112,032 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/05/28 21:32:20 | 000,091,968 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/05/28 21:32:20 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/05/19 01:05:41 | 000,246,377 | ---- | M] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2012/05/16 12:13:52 | 000,000,070 | ---- | M] () -- C:\Users\Administrator\Desktop\O-Minds FlashFirebug, a Firefox extension that allows you to debug Flash or Flex SWF files on the web.URL
[2012/05/13 12:26:39 | 000,000,117 | ---- | M] () -- C:\Users\Administrator\Desktop\Microsoft Windows 7 SP1 AIO Integrated April 2012 - Demonoid.URL
[2012/05/10 01:40:18 | 000,000,104 | ---- | M] () -- C:\Users\Administrator\Desktop\Accessing a website blocked by Avira Web Protection.URL
[2012/05/08 05:10:06 | 000,000,083 | ---- | M] () -- C:\Users\Administrator\Desktop\Honey, I Shrunk the Kids. - YouTube.URL
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/06 04:16:22 | 000,338,059 | ---- | C] () -- C:\Users\Administrator\Desktop\FSS.exe
[2012/06/06 04:14:47 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2012/06/04 00:37:58 | 000,031,192 | ---- | C] () -- C:\Users\Administrator\Desktop\LOL sta znace ovi izrazi na nemackom ....htm
[2012/06/02 00:07:58 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/01 23:51:10 | 000,000,879 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2012/06/01 23:43:35 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 18:46:00 | 004,679,672 | ---- | C] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:26 | 000,025,549 | ---- | C] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:43 | 000,273,692 | ---- | C] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:21 | 000,165,467 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | C] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:54 | 000,015,942 | ---- | C] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | C] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:11 | 000,180,569 | ---- | C] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | C] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/19 01:05:41 | 000,246,377 | ---- | C] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2012/05/16 12:13:52 | 000,000,070 | ---- | C] () -- C:\Users\Administrator\Desktop\O-Minds FlashFirebug, a Firefox extension that allows you to debug Flash or Flex SWF files on the web.URL
[2012/05/13 12:26:39 | 000,000,117 | ---- | C] () -- C:\Users\Administrator\Desktop\Microsoft Windows 7 SP1 AIO Integrated April 2012 - Demonoid.URL
[2012/05/10 01:40:18 | 000,000,104 | ---- | C] () -- C:\Users\Administrator\Desktop\Accessing a website blocked by Avira Web Protection.URL
[2012/05/08 05:10:06 | 000,000,083 | ---- | C] () -- C:\Users\Administrator\Desktop\Honey, I Shrunk the Kids. - YouTube.URL
[2011/12/29 00:48:52 | 000,002,443 | ---- | C] () -- C:\Windows\MDVDP.Ini
[2011/11/02 00:26:35 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2011/05/14 21:35:05 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/13 21:19:16 | 000,000,477 | ---- | C] () -- C:\Windows\hegames.ini
[2011/04/06 03:03:58 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/06 03:03:58 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/06 03:03:58 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/06 03:03:58 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/06 03:03:58 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/06 01:08:57 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/04/06 01:08:57 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/04/06 01:08:56 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/01/10 22:00:33 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocfg.exe
[2010/12/24 19:37:18 | 000,000,120 | ---- | C] () -- C:\Windows\System32\enbconvertor.ini
[2010/11/13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Administrator\AppData\Local\toolbar3.bmp
[2010/11/12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral3.bmp
[2010/11/12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral1.bmp
[2010/11/12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral2.bmp
[2010/10/21 22:36:20 | 000,203,264 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GetToolbar.exe
[2010/09/08 20:10:27 | 000,158,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/05 03:19:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/08/11 01:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2011/03/25 00:49:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.ProjectViewer
[2011/10/30 12:26:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\COWON
[2012/06/01 23:14:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/09/19 05:43:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Datalayer
[2011/11/01 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Duyly
[2011/03/30 20:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2008/12/31 22:16:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010/11/15 03:04:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
[2011/02/06 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade
[2011/07/04 01:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade Warband
[2010/12/02 15:35:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mquadr.at
[2010/09/19 13:33:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2010/09/19 13:33:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2011/07/31 05:17:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDF Software
[2011/12/12 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PFStaticIP
[2011/09/08 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Qokut
[2010/04/07 02:31:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RadLight Company
[2012/02/20 04:23:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RapidTyping
[2011/02/10 02:11:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ROCCAT
[2011/05/01 22:46:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rovio
[2012/03/04 20:04:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\runic games
[2011/11/12 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Smart PDF Creator Pro
[2011/04/20 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2011/09/10 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2011/07/31 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trillian
[2011/10/10 02:07:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2010/04/11 02:20:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VistaCodecs
[2012/06/06 04:10:44 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/07/03 13:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\Intel\WINDOWS\explorer.exe
[2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\explorer.exe
[2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 09:59:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 09:59:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 09:59:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2006/11/02 11:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 09:59:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 09:59:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 09:59:22 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 09:59:23 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2006/11/02 11:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012/03/12 12:41:36 | 000,000,000 | ---D | M](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK
[2012/03/12 12:31:06 | 000,000,000 | ---D | C](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
  • 0

#6
[email protected]

    Member

  • Topic Starter
  • Member
  • 25 posts
I forgot.

I am going on a trip today and I won't be able to reply again in the next 20 hours, so I'll reply tomorrow.

Gl with your work :happy:
  • 0

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #


Download Vista.zip from here: http://www.smartestc...y-network-keys/

Unzip the download folder and you will find several regfiles (*.reg).

  • Double-click mpssvc.reg and confirm the prompt.
  • Double-click bfe.reg and confirm the prompt.
  • Double-click wscsvc.reg and confirm the prompt.
  • Double-click Windefend.reg and confirm the prompt.

# Step 2 #



Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj32yx5g)
    [2012/05/25 23:50:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\{3ab03e36-9577-44eb-b9ac-aa3aef5780bf}
    
    :Files
    net start mpsdrv /c
    net start MpsSvc /c
    net start bfe /c
    net start WinDefend /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=dword:00000000
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 3 #



  • Run OTL
  • Copy the lines under the Code
    /MD5Start
    wscsvc.*
    MpSvc.*
    sptd.*
    /MD5Stop
  • Back to the program and paste the text in red in the text box "Custom Scan / Fixes"
  • Click in the button Posted Image
  • Click on Run Scan button
  • The examination takes a while, be patient.
  • Copy the entire contents of the log OTL.txt and post in your next reply



# Step 4 #

Please run Farbar Service Scanner again.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

# Step 5 #
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



# Step 6 #


I want to see the logs in your next reply:

  • OTL Fix result
  • OTL.txt log.
  • Farbar Service Scanner log.
  • TDSSKiller log.

  • 0
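One way to triage the SRV/DRV sections of an OTL log for the conditions the steps above deal with, as an added example that is not part of the original post and not part of OTL: it flags entries whose file is missing, with priority for the services restored and started in Step 1 and Step 2. The sample lines are copied from the OTL output in this thread; the watch list, rule wording and function names are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service names taken from the .reg files and "net start" lines in the steps above.
WATCHED = {"mpsdrv", "mpssvc", "bfe", "wscsvc", "windefend"}

# OTL prints either "File not found" or "[timestamp | size | attrs | M] (company)",
# then "[flags] -- image path -- (service name)".
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\))"
    r" \[(?P<flags>[^\]]*)\] --\s*(?P<path>.*?)\s*-- \((?P<name>.*)\)\s*$"
)


@dataclass
class Entry:
    kind: str                # "SRV" (Win32 service) or "DRV" (driver service)
    name: str                # registry service name
    path: str                # image path as printed, may be empty
    flags: List[str]         # SRV: [start, state]; DRV: [type, start, state]
    company: Optional[str]   # None when OTL could not read the file at all
    file_missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for anything else in the log."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        name=m["name"],
        path=m["path"],
        flags=[f.strip() for f in m["flags"].split("|")],
        company=m["company"],
        file_missing=m["missing"] is not None,
    )


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (priority, service name, reason) for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.file_missing and e.name.lower() in WATCHED:
            findings.append(("high", e.name, "security service registered but its file is missing"))
        elif e.file_missing and not e.path:
            findings.append(("high", e.name, "service key with no image path"))
        elif e.file_missing:
            findings.append(("low", e.name, "registered file is missing"))
        elif (e.kind == "DRV" and not e.company
              and len(e.flags) == 3 and e.flags[1] in ("Boot", "System")):
            # Heuristic of this example: early-loading driver without version info.
            findings.append(("review", e.name, "boot/system driver with no company name"))
    return findings


# Sample lines copied from the OTL logs posted in this thread.
SAMPLE = r"""
SRV - File not found [Auto | Unknown] -- %SystemRoot%\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Disabled | Unknown] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (aj32yx5g)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/08/31 21:32:21 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
"""

if __name__ == "__main__":
    for priority, name, reason in triage(SAMPLE):
        print(f"{priority:6} {name:12} {reason}")
```

A "review" result only means the file carries no version information; it still needs the file check that Step 3 requests for sptd.* before any conclusion is drawn.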

#8
[email protected]

    Member

  • Topic Starter
  • Member
  • 25 posts

OTL Fix result


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named aj32yx5g was found to stop!
Service\Driver key aj32yx5g not found.
C:\Users\Administrator\{3ab03e36-9577-44eb-b9ac-aa3aef5780bf} folder moved successfully.
========== FILES ==========
< net start mpsdrv /c >
The Windows Firewall Authorization Driver service was started successfully.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
< net start MpsSvc /c >
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
< net start bfe /c >
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
< net start WinDefend /c >
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"|dword:00000000 /E : value set successfully!

OTL by OldTimer - Version 3.2.45.0 log created on 06092012_150400


OTL.txt log.


OTL logfile created on: 6/9/2012 15:07:00 - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.28% Memory free
6.17 Gb Paging File | 4.85 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 50.25 Gb Free Space | 64.32% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 3.26 Gb Free Space | 4.17% Space Free | Partition Type: NTFS

Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/02 01:29:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/05/28 21:32:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/28 21:32:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/05/28 21:32:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/05/28 21:32:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/28 21:32:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/28 21:32:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/28 08:45:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2011/07/12 16:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/03/15 11:26:37 | 001,039,360 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2009/05/26 12:35:32 | 002,528,584 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/05/07 14:58:24 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/01/23 16:50:00 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/01/07 12:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 12:17:46 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/07/22 19:03:50 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/09 14:50:47 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/09 14:50:47 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/08 04:56:01 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/02 00:09:03 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/02 00:09:03 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/05/06 00:53:16 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
MOD - [2010/06/22 14:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2010/03/15 11:26:37 | 001,039,360 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
MOD - [2008/08/25 13:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008/07/18 15:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Unknown] -- %SystemRoot%\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Disabled | Unknown] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/06/08 04:56:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/28 21:32:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/28 21:32:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/05/28 21:32:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/05/28 21:32:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/06 00:53:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/13 01:04:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/12/31 22:03:43 | 000,542,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/02 14:32:28 | 000,560,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 11:46:13 | 000,127,488 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2006/11/02 11:46:12 | 000,105,984 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2006/11/02 11:46:05 | 000,065,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a3rgem9a)
DRV - [2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/28 21:32:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/31 21:32:21 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/08/19 12:47:46 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/19 12:47:46 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/09 18:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/14 10:50:56 | 000,054,400 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/05/12 12:12:34 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/03/19 15:07:32 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/03/12 12:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/03/05 12:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/02/19 17:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/12/15 13:17:50 | 000,074,752 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/06 18:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2008/08/28 12:30:03 | 000,033,792 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/19 12:58:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/19 12:58:00 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/15 17:38:36 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 10:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/11 20:23:12 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/04/29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006/11/02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 11:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 10:51:11 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2006/11/02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 10:30:57 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2006/11/02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telekom.at/suche
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/19 05:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/28 08:46:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 04:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/02 17:47:07 | 000,000,000 | ---D | M]

[2010/08/11 01:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/06/06 04:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions
[2010/08/24 12:20:49 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/05/16 12:12:55 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/01/04 01:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/16 20:26:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/04 23:22:21 | 000,096,925 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{C6F77964-B0B5-4953-A144-93051184EC0C}.XPI
[2012/01/07 17:50:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/07 17:53:28 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/05/12 02:28:14 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/06/08 04:56:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/08 04:55:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/08 04:55:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing ()
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}

O1 HOSTS File: ([2012/06/01 19:44:42 | 000,442,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15216 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-2899288009-97569274-2756643056-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BFBBB70-818E-45B1-865E-D6BE456B4D01}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B35CA7A-EA94-4ED9-808E-4688E6AFFC07}: NameServer = 195.34.133.21,212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8198C355-A851-4B3E-A49A-FFC2AD11C705}: DhcpNameServer = 212.62.32.1 212.62.32.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/27 14:08:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ba64ff5-6118-11df-92d2-00218554d1d2}\Shell\Option1\Command - "" = H:\HBCD\Wintools\HBCDMenu.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 04:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/08 04:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/07 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Failed Mp3
[2012/06/06 04:09:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/02 01:54:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/02 01:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/02 01:29:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/02 01:21:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2012/06/02 00:08:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/02 00:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/02 00:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/02 00:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/01 23:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/06/01 23:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/06/01 23:43:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/01 23:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/01 23:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/01 23:43:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/01 23:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/01 22:33:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/26 00:02:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2012/05/25 23:49:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/05/25 23:49:42 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/25 23:49:42 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/05/25 23:49:42 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/05/25 23:49:41 | 000,112,032 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/05/25 23:49:41 | 000,091,968 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/05/25 23:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/22 03:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Damfon
[2012/05/19 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\O
[2012/05/19 01:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lua-5.2.0
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/09 15:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 14:53:09 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/09 14:50:26 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/09 14:50:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 14:50:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 14:50:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 14:48:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 14:48:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/08 07:50:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/08 03:27:12 | 006,105,942 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The Refugee.mp3
[2012/06/08 03:27:12 | 000,245,760 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Heaven Knows.mp3
[2012/06/08 01:35:05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/06/07 23:32:07 | 003,007,260 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - 1000 Good Intentions.mp3
[2012/06/07 23:23:44 | 001,485,983 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Under The Knife.mp3
[2012/06/07 23:22:11 | 003,423,711 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - The Approaching Curve.mp3
[2012/06/07 23:22:09 | 001,392,935 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Sometimes Selling Out Is Giving Up.mp3
[2012/06/07 23:21:36 | 000,010,678 | -HS- | M] () -- C:\Users\Administrator\Desktop\Folder.jpg
[2012/06/07 23:21:36 | 000,010,678 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Large.jpg
[2012/06/07 23:21:24 | 000,002,754 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArtSmall.jpg
[2012/06/07 23:21:24 | 000,002,754 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Small.jpg
[2012/06/07 23:20:46 | 000,012,933 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Large.jpg
[2012/06/07 23:20:45 | 000,001,172 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Ready To Fall.mp3
[2012/06/07 23:20:42 | 000,003,192 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Small.jpg
[2012/06/07 23:20:39 | 000,011,025 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Large.jpg
[2012/06/07 23:20:38 | 003,325,753 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Voice Of Dissent.mp3
[2012/06/07 23:20:38 | 000,002,739 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Small.jpg
[2012/06/07 23:20:31 | 000,006,440 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Large.jpg
[2012/06/07 23:20:31 | 000,001,932 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Small.jpg
[2012/06/07 23:20:11 | 000,000,255 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Sight Unseen.mp3
[2012/06/07 22:37:09 | 000,014,499 | ---- | M] () -- C:\Users\Administrator\Desktop\Vista.zip
[2012/06/07 22:07:14 | 004,835,382 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.mp3
[2012/06/07 21:24:40 | 000,379,645 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Swing Life Away.mp3
[2012/06/07 21:24:11 | 000,014,873 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Large.jpg
[2012/06/07 21:24:10 | 000,003,163 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Small.jpg
[2012/06/07 21:23:12 | 000,132,181 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Like The Angel.mp3
[2012/06/07 21:21:53 | 000,001,172 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The R.mp3
[2012/06/07 21:21:48 | 000,021,819 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Roadside.mp3
[2012/06/07 21:18:06 | 003,801,895 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Help Is On The Way.mp3
[2012/06/07 21:14:18 | 004,689,767 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - WEP.mp3
[2012/06/07 21:06:32 | 000,007,017 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Large.jpg
[2012/06/07 21:06:28 | 000,001,954 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Small.jpg
[2012/06/07 21:03:45 | 000,049,313 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.htm
[2012/06/07 21:03:31 | 003,561,606 | ---- | M] () -- C:\Users\Administrator\Desktop\Conchadors - Rise Against Love.mp3
[2012/06/07 21:03:10 | 000,001,172 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Re-Education.mp3
[2012/06/07 21:02:35 | 000,012,083 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Large.jpg
[2012/06/07 21:02:34 | 000,002,926 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Small.jpg
[2012/06/07 16:26:31 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 16:26:31 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/06 17:31:02 | 001,348,464 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap - Jebes Fabrike.mp3
[2012/06/06 14:28:10 | 002,496,132 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap - Nivo (Podnivo1).mp3
[2012/06/06 14:27:36 | 003,349,367 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap - Revansizam.mp3
[2012/06/06 04:16:23 | 000,338,059 | ---- | M] () -- C:\Users\Administrator\Desktop\FSS.exe
[2012/06/06 04:14:49 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2012/06/05 04:59:04 | 000,164,864 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/04 00:38:01 | 000,031,192 | ---- | M] () -- C:\Users\Administrator\Desktop\LOL sta znace ovi izrazi na nemackom ....htm
[2012/06/02 01:29:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/02 01:17:40 | 000,346,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/02 00:07:58 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/01 23:51:10 | 000,000,879 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2012/06/01 23:43:35 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 22:33:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 19:44:42 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/01 18:46:00 | 004,679,672 | ---- | M] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:27 | 000,025,549 | ---- | M] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:49 | 000,273,692 | ---- | M] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:22 | 000,165,467 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | M] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:55 | 000,015,942 | ---- | M] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | M] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:12 | 000,180,569 | ---- | M] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | M] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/28 21:32:20 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/05/28 21:32:20 | 000,112,032 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2012/05/28 21:32:20 | 000,091,968 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2012/05/28 21:32:20 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/05/19 01:05:41 | 000,246,377 | ---- | M] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2012/05/16 12:13:52 | 000,000,070 | ---- | M] () -- C:\Users\Administrator\Desktop\O-Minds FlashFirebug, a Firefox extension that allows you to debug Flash or Flex SWF files on the web.URL
[2012/05/13 12:26:39 | 000,000,117 | ---- | M] () -- C:\Users\Administrator\Desktop\Microsoft Windows 7 SP1 AIO Integrated April 2012 - Demonoid.URL
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 23:20:55 | 001,485,983 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Under The Knife.mp3
[2012/06/07 23:20:45 | 000,001,172 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Ready To Fall.mp3
[2012/06/07 23:20:41 | 000,011,025 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Large.jpg
[2012/06/07 23:20:41 | 000,002,739 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Small.jpg
[2012/06/07 23:20:31 | 000,006,440 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Large.jpg
[2012/06/07 23:20:31 | 000,001,932 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Small.jpg
[2012/06/07 23:20:24 | 003,325,753 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Voice Of Dissent.mp3
[2012/06/07 23:20:11 | 000,000,255 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Sight Unseen.mp3
[2012/06/07 23:19:47 | 001,392,935 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Sometimes Selling Out Is Giving Up.mp3
[2012/06/07 23:19:33 | 003,423,711 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - The Approaching Curve.mp3
[2012/06/07 22:37:09 | 000,014,499 | ---- | C] () -- C:\Users\Administrator\Desktop\Vista.zip
[2012/06/07 22:33:18 | 003,007,260 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - 1000 Good Intentions.mp3
[2012/06/07 22:29:44 | 006,105,942 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The Refugee.mp3
[2012/06/07 22:23:40 | 000,245,760 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Heaven Knows.mp3
[2012/06/07 22:06:41 | 000,012,933 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Large.jpg
[2012/06/07 22:06:41 | 000,003,192 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Small.jpg
[2012/06/07 21:24:11 | 000,014,873 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Large.jpg
[2012/06/07 21:24:11 | 000,003,163 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Small.jpg
[2012/06/07 21:23:09 | 000,132,181 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Like The Angel.mp3
[2012/06/07 21:22:06 | 004,835,382 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.mp3
[2012/06/07 21:21:53 | 000,001,172 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The R.mp3
[2012/06/07 21:21:48 | 000,021,819 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Roadside.mp3
[2012/06/07 21:21:04 | 000,379,645 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Swing Life Away.mp3
[2012/06/07 21:06:33 | 000,007,017 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Large.jpg
[2012/06/07 21:06:33 | 000,001,954 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Small.jpg
[2012/06/07 21:03:44 | 000,049,313 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.htm
[2012/06/07 21:03:09 | 000,001,172 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Re-Education.mp3
[2012/06/07 21:02:52 | 003,561,606 | ---- | C] () -- C:\Users\Administrator\Desktop\Conchadors - Rise Against Love.mp3
[2012/06/07 21:02:36 | 000,012,083 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Large.jpg
[2012/06/07 21:02:36 | 000,002,926 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Small.jpg
[2012/06/07 21:02:31 | 000,010,678 | -HS- | C] () -- C:\Users\Administrator\Desktop\Folder.jpg
[2012/06/07 21:02:31 | 000,010,678 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Large.jpg
[2012/06/07 21:02:31 | 000,002,754 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArtSmall.jpg
[2012/06/07 21:02:31 | 000,002,754 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Small.jpg
[2012/06/07 21:02:30 | 003,801,895 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Help Is On The Way.mp3
[2012/06/07 21:02:05 | 004,689,767 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - WEP.mp3
[2012/06/06 14:27:33 | 003,349,367 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap - Revansizam.mp3
[2012/06/06 14:25:54 | 002,496,132 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap - Nivo (Podnivo1).mp3
[2012/06/06 14:22:13 | 001,348,464 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap - Jebes Fabrike.mp3
[2012/06/06 04:16:22 | 000,338,059 | ---- | C] () -- C:\Users\Administrator\Desktop\FSS.exe
[2012/06/06 04:14:47 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2012/06/04 00:37:58 | 000,031,192 | ---- | C] () -- C:\Users\Administrator\Desktop\LOL sta znace ovi izrazi na nemackom ....htm
[2012/06/02 00:07:58 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/01 23:51:10 | 000,000,879 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2012/06/01 23:43:35 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 18:46:00 | 004,679,672 | ---- | C] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:26 | 000,025,549 | ---- | C] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:43 | 000,273,692 | ---- | C] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:21 | 000,165,467 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | C] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:54 | 000,015,942 | ---- | C] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | C] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:11 | 000,180,569 | ---- | C] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | C] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/19 01:05:41 | 000,246,377 | ---- | C] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2012/05/16 12:13:52 | 000,000,070 | ---- | C] () -- C:\Users\Administrator\Desktop\O-Minds FlashFirebug, a Firefox extension that allows you to debug Flash or Flex SWF files on the web.URL
[2012/05/13 12:26:39 | 000,000,117 | ---- | C] () -- C:\Users\Administrator\Desktop\Microsoft Windows 7 SP1 AIO Integrated April 2012 - Demonoid.URL
[2011/12/29 00:48:52 | 000,002,443 | ---- | C] () -- C:\Windows\MDVDP.Ini
[2011/11/02 00:26:35 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2011/05/14 21:35:05 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/13 21:19:16 | 000,000,477 | ---- | C] () -- C:\Windows\hegames.ini
[2011/04/06 03:03:58 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/06 03:03:58 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/06 03:03:58 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/06 03:03:58 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/06 03:03:58 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/06 01:08:57 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/04/06 01:08:57 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/04/06 01:08:56 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/01/10 22:00:33 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocfg.exe
[2010/12/24 19:37:18 | 000,000,120 | ---- | C] () -- C:\Windows\System32\enbconvertor.ini
[2010/11/13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Administrator\AppData\Local\toolbar3.bmp
[2010/11/12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral3.bmp
[2010/11/12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral1.bmp
[2010/11/12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral2.bmp
[2010/10/21 22:36:20 | 000,203,264 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GetToolbar.exe
[2010/09/08 20:10:27 | 000,158,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/05 03:19:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/08/11 01:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== Custom Scans ==========

< MD5 for: SPTD.SYS >
[2010/08/31 21:32:21 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< MD5 for: WSCSVC.REG >
[2012/01/01 17:06:06 | 000,005,572 | ---- | M] () MD5=E152EAE177E04BDDCA3D3007466DEF43 -- C:\Users\Administrator\AppData\Local\Temp\Rar$DI03.337\wscsvc.reg

========== Files - Unicode (All) ==========
[2012/03/12 12:41:36 | 000,000,000 | ---D | M](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK
[2012/03/12 12:31:06 | 000,000,000 | ---D | C](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Farbar Service Scanner log.


Farbar Service Scanner Version: 05-06-2012
Ran by Administrator (administrator) on 09-06-2012 at 15:43:01
Running from "C:\Users\Administrator\Desktop"
Microsoft® Windows Vista™ Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2006-11-02 10:56] - [2006-11-02 11:46] - 0204800 ____A (Microsoft Corporation) 17210D8064EC116A3FC6B5E45E577D43

C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2006-11-02 10:58] - [2006-11-02 10:58] - 0802816 ____A (Microsoft Corporation) D944522B048A5FEB7700B5170D3D9423

C:\Windows\system32\dnsrslvr.dll
[2006-11-02 10:46] - [2006-11-02 11:46] - 0083968 ____A (Microsoft Corporation) 7EF78529439683570884F9308A02EC11

C:\Windows\system32\mpssvc.dll
[2006-11-02 10:56] - [2006-11-02 11:46] - 0395264 ____A (Microsoft Corporation) 370248683BDF5FE36BD06C6416E6CE83

C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys
[2006-11-02 10:56] - [2006-11-02 10:56] - 0063488 ____A (Microsoft Corporation) 8D326E8B321685D4784AFA1C55169D73

C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit

ATTENTION!=====> C:\Windows\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2008-12-31 22:01] - [2008-12-31 22:01] - 1712984 ____A (Microsoft Corporation) 3EEC20E41F5F331B94002970CEAEC92F

C:\Windows\system32\qmgr.dll
[2006-11-02 10:40] - [2006-11-02 11:46] - 0749568 ____A (Microsoft Corporation) 733FB484A06B9D6A44DD9CA1D3BE937B

C:\Windows\system32\es.dll
[2006-11-02 10:51] - [2006-11-02 11:46] - 0259584 ____A (Microsoft Corporation) DFB250BAC1A9108ABD777EA181E32015

C:\Windows\system32\cryptsvc.dll => MD5 is legit

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2006-11-02 10:50] - [2006-11-02 11:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F



**** End of log ****

TDSSKiller log.


16:15:51.0146 5872 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:15:51.0864 5872 ============================================================
16:15:51.0864 5872 Current date / time: 2012/06/09 16:15:51.0864
16:15:51.0864 5872 SystemInfo:
16:15:51.0864 5872
16:15:51.0864 5872 OS Version: 6.0.6000 ServicePack: 0.0
16:15:51.0864 5872 Product type: Workstation
16:15:51.0864 5872 ComputerName: EXPERIENCE
16:15:51.0864 5872 UserName: Administrator
16:15:51.0864 5872 Windows directory: C:\Windows
16:15:51.0864 5872 System windows directory: C:\Windows
16:15:51.0864 5872 Processor architecture: Intel x86
16:15:51.0864 5872 Number of processors: 2
16:15:51.0864 5872 Page size: 0x1000
16:15:51.0864 5872 Boot type: Normal boot
16:15:51.0864 5872 ============================================================
16:15:52.0971 5872 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:15:52.0971 5872 ============================================================
16:15:52.0971 5872 \Device\Harddisk0\DR0:
16:15:52.0971 5872 MBR partitions:
16:15:52.0971 5872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
16:15:52.0987 5872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x9C41AD8
16:15:52.0987 5872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1388366D, BlocksNum 0x99257CD
16:15:53.0002 5872 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D1A8E79, BlocksNum 0x8284848
16:15:53.0002 5872 ============================================================
16:15:53.0049 5872 C: <-> \Device\Harddisk0\DR0\Partition1
16:15:53.0080 5872 D: <-> \Device\Harddisk0\DR0\Partition0
16:15:53.0096 5872 ============================================================
16:15:53.0096 5872 Initialize success
16:15:53.0096 5872 ============================================================
16:16:13.0392 5576 ============================================================
16:16:13.0392 5576 Scan started
16:16:13.0392 5576 Mode: Manual;
16:16:13.0392 5576 ============================================================
16:16:13.0922 5576 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:16:13.0922 5576 !SASCORE - ok
16:16:14.0062 5576 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
16:16:14.0062 5576 ACPI - ok
16:16:14.0156 5576 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:16:14.0156 5576 AdobeFlashPlayerUpdateSvc - ok
16:16:14.0203 5576 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:16:14.0218 5576 adp94xx - ok
16:16:14.0265 5576 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:16:14.0265 5576 adpahci - ok
16:16:14.0265 5576 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:16:14.0265 5576 adpu160m - ok
16:16:14.0281 5576 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:16:14.0281 5576 adpu320 - ok
16:16:14.0312 5576 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:16:14.0312 5576 AeLookupSvc - ok
16:16:14.0343 5576 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
16:16:14.0343 5576 AFD - ok
16:16:14.0359 5576 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:16:14.0359 5576 agp440 - ok
16:16:14.0374 5576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:16:14.0374 5576 aic78xx - ok
16:16:14.0390 5576 ALG (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
16:16:14.0390 5576 ALG - ok
16:16:14.0390 5576 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:16:14.0390 5576 aliide - ok
16:16:14.0390 5576 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:16:14.0406 5576 amdagp - ok
16:16:14.0406 5576 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:16:14.0421 5576 amdide - ok
16:16:14.0421 5576 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:16:14.0421 5576 AmdK7 - ok
16:16:14.0437 5576 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:16:14.0437 5576 AmdK8 - ok
16:16:14.0702 5576 AntiVirMailService (b089c306d4df73a28cef5240d0142cb3) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
16:16:14.0702 5576 AntiVirMailService - ok
16:16:14.0749 5576 AntiVirSchedulerService (45879699881c9fd3fb53bde187163661) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:16:14.0749 5576 AntiVirSchedulerService - ok
16:16:14.0796 5576 AntiVirService (ec5cbedd47bae12e7d369c3b5b857964) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:16:14.0796 5576 AntiVirService - ok
16:16:14.0858 5576 AntiVirWebService (f7c781c4c098fc3f8e2e4dfb48ee019d) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:16:14.0858 5576 AntiVirWebService - ok
16:16:14.0874 5576 Appinfo (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
16:16:14.0874 5576 Appinfo - ok
16:16:14.0889 5576 AppMgmt (051e86735b71e8402aebc1d662f26ba2) C:\Windows\System32\appmgmts.dll
16:16:14.0889 5576 AppMgmt - ok
16:16:14.0905 5576 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:16:14.0905 5576 arc - ok
16:16:14.0920 5576 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:16:14.0920 5576 arcsas - ok
16:16:14.0920 5576 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
16:16:14.0920 5576 AsyncMac - ok
16:16:14.0920 5576 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
16:16:14.0936 5576 atapi - ok
16:16:15.0030 5576 athr (4d9d710254410a7caef269819ea7b53c) C:\Windows\system32\DRIVERS\athr.sys
16:16:15.0061 5576 athr - ok
16:16:15.0108 5576 AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
16:16:15.0108 5576 AudioEndpointBuilder - ok
16:16:15.0123 5576 Audiosrv (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
16:16:15.0123 5576 Audiosrv - ok
16:16:15.0279 5576 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
16:16:15.0279 5576 avgntflt - ok
16:16:15.0342 5576 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
16:16:15.0342 5576 avipbb - ok
16:16:15.0357 5576 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:16:15.0357 5576 avkmgr - ok
16:16:15.0388 5576 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
16:16:15.0388 5576 Beep - ok
16:16:15.0435 5576 BFE (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
16:16:15.0435 5576 BFE - ok
16:16:15.0498 5576 BITS (733fb484a06b9d6a44dd9ca1d3be937b) C:\Windows\System32\qmgr.dll
16:16:15.0498 5576 BITS - ok
16:16:15.0513 5576 blbdrive - ok
16:16:15.0513 5576 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
16:16:15.0513 5576 bowser - ok
16:16:15.0529 5576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:16:15.0529 5576 BrFiltLo - ok
16:16:15.0529 5576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:16:15.0529 5576 BrFiltUp - ok
16:16:15.0544 5576 Browser (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
16:16:15.0544 5576 Browser - ok
16:16:15.0591 5576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:16:15.0591 5576 Brserid - ok
16:16:15.0591 5576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:16:15.0591 5576 BrSerWdm - ok
16:16:15.0591 5576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:16:15.0591 5576 BrUsbMdm - ok
16:16:15.0607 5576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:16:15.0607 5576 BrUsbSer - ok
16:16:15.0654 5576 BthEnum (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys
16:16:15.0654 5576 BthEnum - ok
16:16:15.0669 5576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:16:15.0669 5576 BTHMODEM - ok
16:16:15.0685 5576 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
16:16:15.0685 5576 BthPan - ok
16:16:15.0716 5576 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
16:16:15.0716 5576 BTHPORT - ok
16:16:15.0732 5576 BthServ (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
16:16:15.0732 5576 BthServ - ok
16:16:15.0747 5576 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
16:16:15.0747 5576 BTHUSB - ok
16:16:15.0763 5576 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
16:16:15.0763 5576 cdfs - ok
16:16:15.0778 5576 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
16:16:15.0778 5576 cdrom - ok
16:16:15.0810 5576 CertPropSvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
16:16:15.0810 5576 CertPropSvc - ok
16:16:15.0810 5576 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\DRIVERS\circlass.sys
16:16:15.0810 5576 circlass - ok
16:16:15.0841 5576 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
16:16:15.0841 5576 CLFS - ok
16:16:15.0919 5576 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:16:15.0919 5576 clr_optimization_v2.0.50727_32 - ok
16:16:15.0966 5576 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
16:16:15.0966 5576 CmBatt - ok
16:16:15.0966 5576 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:16:15.0966 5576 cmdide - ok
16:16:15.0997 5576 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
16:16:15.0997 5576 Compbatt - ok
16:16:15.0997 5576 COMSysApp - ok
16:16:16.0028 5576 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:16:16.0028 5576 crcdisk - ok
16:16:16.0028 5576 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:16:16.0028 5576 Crusoe - ok
16:16:16.0059 5576 CryptSvc (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
16:16:16.0059 5576 CryptSvc - ok
16:16:16.0137 5576 CSC (398f8c5e8de793f01139b1fe5746aad1) C:\Windows\system32\drivers\csc.sys
16:16:16.0137 5576 CSC - ok
16:16:16.0184 5576 CscService (68131a9a8e3f0ab5136bf386f02a3fc7) C:\Windows\System32\cscsvc.dll
16:16:16.0200 5576 CscService - ok
16:16:16.0340 5576 DcomLaunch (b46d8ea6dd30baa49f674dacdc4c491f) C:\Windows\system32\rpcss.dll
16:16:16.0356 5576 DcomLaunch - ok
16:16:16.0371 5576 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
16:16:16.0371 5576 DfsC - ok
16:16:16.0496 5576 DFSR (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
16:16:16.0543 5576 DFSR - ok
16:16:16.0668 5576 Dhcp (17210d8064ec116a3fc6b5e45e577d43) C:\Windows\System32\dhcpcsvc.dll
16:16:16.0668 5576 Dhcp - ok
16:16:16.0714 5576 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
16:16:16.0714 5576 disk - ok
16:16:16.0746 5576 Dnscache (7ef78529439683570884f9308a02ec11) C:\Windows\System32\dnsrslvr.dll
16:16:16.0746 5576 Dnscache - ok
16:16:16.0761 5576 dot3svc (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
16:16:16.0761 5576 dot3svc - ok
16:16:16.0777 5576 DPS (8ef243e3baf1ab4f6202edeb8890319b) C:\Windows\system32\dps.dll
16:16:16.0777 5576 DPS - ok
16:16:16.0824 5576 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
16:16:16.0824 5576 drmkaud - ok
16:16:16.0870 5576 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
16:16:16.0886 5576 DXGKrnl - ok
16:16:16.0902 5576 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:16:16.0902 5576 E1G60 - ok
16:16:16.0933 5576 EapHost (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
16:16:16.0933 5576 EapHost - ok
16:16:16.0948 5576 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
16:16:16.0948 5576 Ecache - ok
16:16:16.0980 5576 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:16:16.0980 5576 elxstor - ok
16:16:17.0042 5576 EMDMgmt (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
16:16:17.0058 5576 EMDMgmt - ok
16:16:17.0089 5576 enecir (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
16:16:17.0089 5576 enecir - ok
16:16:17.0136 5576 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
16:16:17.0136 5576 epmntdrv - ok
16:16:17.0167 5576 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
16:16:17.0167 5576 EuGdiDrv - ok
16:16:17.0214 5576 EventSystem (dfb250bac1a9108abd777ea181e32015) C:\Windows\system32\es.dll
16:16:17.0229 5576 EventSystem - ok
16:16:17.0245 5576 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
16:16:17.0260 5576 fastfat - ok
16:16:17.0307 5576 Fax (93f75490b02033df8edf4d7089c7e1d8) C:\Windows\system32\fxssvc.exe
16:16:17.0323 5576 Fax - ok
16:16:17.0323 5576 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:16:17.0323 5576 fdc - ok
16:16:17.0338 5576 fdPHost (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
16:16:17.0338 5576 fdPHost - ok
16:16:17.0338 5576 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:16:17.0354 5576 FDResPub - ok
16:16:17.0354 5576 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
16:16:17.0354 5576 FileInfo - ok
16:16:17.0370 5576 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
16:16:17.0370 5576 Filetrace - ok
16:16:17.0370 5576 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:16:17.0370 5576 flpydisk - ok
16:16:17.0385 5576 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
16:16:17.0385 5576 FltMgr - ok
16:16:17.0479 5576 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:16:17.0479 5576 FontCache3.0.0.0 - ok
16:16:17.0541 5576 fspad_wlh32 (92d62d68e48d1cdf25287b42c66e4f27) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
16:16:17.0541 5576 fspad_wlh32 - ok
16:16:17.0541 5576 Fs_Rec (1ed8599e1e08ba40f2b7301f0b83583a) C:\Windows\system32\drivers\Fs_Rec.sys
16:16:17.0541 5576 Fs_Rec - ok
16:16:17.0572 5576 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:16:17.0572 5576 gagp30kx - ok
16:16:17.0619 5576 gpsvc (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
16:16:17.0635 5576 gpsvc - ok
16:16:17.0728 5576 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:16:17.0728 5576 gupdate - ok
16:16:17.0728 5576 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:16:17.0744 5576 gupdatem - ok
16:16:17.0775 5576 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:16:17.0775 5576 HdAudAddService - ok
16:16:17.0791 5576 HDAudBus (5fd053f305b77ebe97f284b20d89dc1c) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:16:17.0791 5576 HDAudBus - ok
16:16:17.0791 5576 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:16:17.0791 5576 HidBth - ok
16:16:17.0806 5576 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys
16:16:17.0806 5576 HidIr - ok
16:16:17.0822 5576 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
16:16:17.0822 5576 hidserv - ok
16:16:17.0838 5576 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
16:16:17.0838 5576 HidUsb - ok
16:16:17.0869 5576 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
16:16:17.0869 5576 hkmsvc - ok
16:16:17.0869 5576 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:16:25.0466 5576 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
16:16:25.0466 5576 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
16:16:25.0466 5576 sptd ( LockedFile.Multi.Generic ) - warning
16:16:25.0466 5576 sptd - detected LockedFile.Multi.Generic (1)
16:16:27.0993 5576 Wdf01000 - ok
16:16:28.0009 5576 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
16:16:28.0009 5576 WdiServiceHost - ok
16:16:28.0024 5576 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
16:16:28.0024 5576 WdiSystemHost - ok
16:16:28.0056 5576 WebClient (5bb7dce05889a1fe2e0db1cdf451412b) C:\Windows\System32\webclnt.dll
16:16:28.0056 5576 WebClient - ok
16:16:28.0087 5576 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
16:16:28.0087 5576 Wecsvc - ok
16:16:28.0102 5576 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
16:16:28.0118 5576 wercplsupport - ok
16:16:28.0134 5576 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
16:16:28.0134 5576 WerSvc - ok
16:16:28.0165 5576 WinDefend - ok
16:16:28.0165 5576 WinHttpAutoProxySvc - ok
16:16:28.0227 5576 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
16:16:28.0227 5576 Winmgmt - ok
16:16:28.0290 5576 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
16:16:28.0305 5576 WinRM - ok
16:16:28.0368 5576 Wlansvc (3e30ce504f8e10ee9d3b20c708540a2d) C:\Windows\System32\wlansvc.dll
16:16:28.0383 5576 Wlansvc - ok
16:16:28.0430 5576 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:16:28.0430 5576 WmiAcpi - ok
16:16:28.0446 5576 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
16:16:28.0446 5576 wmiApSrv - ok
16:16:28.0555 5576 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:16:28.0570 5576 WMPNetworkSvc - ok
16:16:28.0586 5576 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
16:16:28.0586 5576 WPCSvc - ok
16:16:28.0602 5576 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
16:16:28.0602 5576 WPDBusEnum - ok
16:16:28.0648 5576 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
16:16:28.0648 5576 WpdUsb - ok
16:16:28.0680 5576 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
16:16:28.0680 5576 ws2ifsl - ok
16:16:28.0680 5576 wscsvc - ok
16:16:28.0742 5576 WSDPrintDevice (f01f25b4227ad8d717c21f25f62b43c8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:16:28.0742 5576 WSDPrintDevice - ok
16:16:28.0742 5576 WSearch - ok
16:16:28.0882 5576 wuauserv (3eec20e41f5f331b94002970ceaec92f) C:\Windows\system32\wuaueng.dll
16:16:28.0882 5576 wuauserv - ok
16:16:29.0070 5576 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:16:29.0070 5576 WudfPf - ok
16:16:29.0085 5576 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:16:29.0085 5576 WUDFRd - ok
16:16:29.0101 5576 wudfsvc (fe0b93b28089c79e9d635434a92995c0) C:\Windows\System32\WUDFSvc.dll
16:16:29.0101 5576 wudfsvc - ok
16:16:29.0148 5576 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:16:29.0350 5576 \Device\Harddisk0\DR0 - ok
16:16:29.0366 5576 Boot (0x1200) (f57a1b0cd21a6710b3a9090826786e9f) \Device\Harddisk0\DR0\Partition0
16:16:29.0366 5576 \Device\Harddisk0\DR0\Partition0 - ok
16:16:29.0382 5576 Boot (0x1200) (6c25e9e8601f2d5b698fe838df6187d9) \Device\Harddisk0\DR0\Partition1
16:16:29.0382 5576 \Device\Harddisk0\DR0\Partition1 - ok
16:16:29.0397 5576 Boot (0x1200) (e7c10186e80d6277ab1f9f31a21196ed) \Device\Harddisk0\DR0\Partition2
16:16:29.0397 5576 \Device\Harddisk0\DR0\Partition2 - ok
16:16:29.0428 5576 Boot (0x1200) (3e4d53e6223c6ef1c52fbacf2b6c6285) \Device\Harddisk0\DR0\Partition3
16:16:29.0428 5576 \Device\Harddisk0\DR0\Partition3 - ok
16:16:29.0428 5576 ============================================================
16:16:29.0428 5576 Scan finished
16:16:29.0428 5576 ============================================================
16:16:29.0444 6068 Detected object count: 1
16:16:29.0444 6068 Actual detected object count: 1
16:18:06.0866 6068 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:18:06.0866 6068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  • 0

#9
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Do you have the Windows Vista CD/DVD?

# Step 1 #

Please go to: VirusTotal
  • Click the Choose File button and search for the following file (one by one):

    C:\Windows\System32\Drivers\sptd.sys

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and paste the link (URL) with the results.


# Step 2 #

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.
  • 0

#10
[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi there!

No, i do not have the original CD\DVD from Windows Vista Ultimate, my dad didn`t make the Windows CD when he bought the laptop, so some friend installed this Vista Ultimate Light version.

I have Vista Home Premium (ISO) if that`s what we need...

Anyhow, Step 1 failed.

When i browse and click on the file, it says:

"sptd.sys
This file is in use.
Enter a new name or close the file that`s open in another program."

And the only option is "ok".

So I cannot move forward from that point on.

Tried to find it in task menu, but it`s not there, or i just don`t recognize it...

Anyway, the Malwarebytes Anti-Malware keeps finding the [email protected] file - Trojan SMALL last few days and gives me the warning when i restart computer.

What should i do next?


P.S.
I will check your answers on a daily basis now, my exams lessen after tomorrow.
  • 0


#11
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Hi,

Anyway, the Malwarebytes Anti-Malware keeps finding the [email protected] file - Trojan SMALL last few days and gives me the warning when i restart computer.

Thanks for the information.

# Step 1 #

Please delete the OTL.exe that is located on your Desktop.

# Step 2 #

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running Defogger, please post the log defogger_disable which will appear on your desktop.

# Step 3 #

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#12
[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
You`re welcome. :happy:

Since i thought that kind of information will help, have few others that might do as well.

I`ll mention things chronologically from last that happened:

1. "plugin container stopped to work" on closing the last Mozilla window before scan - sounds important... or not ?

2. Installed the AVG free antivirus, since the Avira Security 2012 expired...

3. Downloaded some small program - "fast download" from the site - ht tp://www.free-tv-video-online.me/internet/the_walking_dead/ (ht tp://wxdownloadmanager.com/vop/) - after that few popups followed even though i did not finish the install so it must be some kind of malware...

Yeah i know it all, DO NOT DOWNLOAD SUCH FILES EVER !!! I just liked the show and wanted it downloaded fast because i was on some tight schedule... I never do such things, it just slipped through! ^^


Anyway, won`t go off the subject too much... (sorry, i`m just a guy who enjoys conversation... or sometimes a monologue :grin:) :rolleyes:


OTL.Txt


OTL logfile created on: 6/15/2012 12:40:37 - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.71% Memory free
6.19 Gb Paging File | 5.03 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 41.70 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 2.85 Gb Free Space | 3.65% Space Free | Partition Type: NTFS

Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/15 12:37:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/06/15 00:46:24 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
PRC - [2011/07/12 16:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/05/26 12:35:32 | 002,528,584 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/05/07 14:58:24 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/01/23 16:50:00 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/01/07 12:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/12/31 22:03:43 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 12:17:46 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/07/22 19:03:50 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 12:31:54 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/15 12:31:53 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/02 00:09:03 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/06/02 00:09:03 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/19 18:34:14 | 000,050,568 | ---- | M] () -- C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
MOD - [2010/06/22 14:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2008/08/25 13:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008/07/18 15:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Disabled | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/06/14 02:02:22 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/08 04:56:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/17 15:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/08/26 18:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/31 21:32:21 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/08/19 12:47:46 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/19 12:47:46 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/06/09 18:29:22 | 001,177,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/05/14 10:50:56 | 000,054,400 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/05/12 12:12:34 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/03/19 15:07:32 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/03/12 12:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/03/05 12:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/02/19 17:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/12/15 13:17:50 | 000,074,752 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/06 18:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2008/08/28 12:30:03 | 000,033,792 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/19 12:58:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/19 12:58:00 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/15 17:38:36 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/06/12 10:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/06/11 20:23:12 | 001,097,856 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/04/29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/03/25 14:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/11/02 11:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 10:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2004/02/09 13:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telekom.at/suche
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-2899288009-97569274-2756643056-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/09/19 05:56:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/15 00:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 17:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/11 02:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/15 00:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/08 04:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 00:47:27 | 000,000,000 | ---D | M]

[2010/08/11 01:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/06/06 04:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions
[2010/08/24 12:20:49 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/05/16 12:12:55 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\w153cjvt.default\extensions\[email protected]
[2012/01/04 01:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/12 13:15:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/15 00:47:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/04 23:22:21 | 000,096,925 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{C6F77964-B0B5-4953-A144-93051184EC0C}.XPI
[2012/01/07 17:50:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/07 17:53:28 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/05/12 02:28:14 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W153CJVT.DEFAULT\EXTENSIONS\[email protected]
[2012/06/08 04:56:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/15 00:46:38 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/06/08 04:55:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/08 04:55:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing ()
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}

O1 HOSTS File: ([2012/06/01 19:44:42 | 000,442,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15216 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-2899288009-97569274-2756643056-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Start_ShowMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BFBBB70-818E-45B1-865E-D6BE456B4D01}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B35CA7A-EA94-4ED9-808E-4688E6AFFC07}: NameServer = 195.34.133.21,212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8198C355-A851-4B3E-A49A-FFC2AD11C705}: DhcpNameServer = 212.62.32.1 212.62.32.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/27 14:08:35 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ba64ff5-6118-11df-92d2-00218554d1d2}\Shell\Option1\Command - "" = H:\HBCD\Wintools\HBCDMenu.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 12:37:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/15 00:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/06/15 00:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/14 02:02:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2012/06/14 00:36:29 | 004,557,191 | ---- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/06/12 14:32:35 | 000,000,000 | ---D | C] -- C:\Snimi
[2012/06/11 17:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/11 02:38:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/06/11 02:36:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/11 02:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/11 02:36:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/06/11 02:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/06/09 16:15:30 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2012/06/08 04:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/08 04:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/07 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Failed Mp3
[2012/06/06 04:09:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/02 01:54:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/02 01:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/02 01:21:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2012/06/02 00:08:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/02 00:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/02 00:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/02 00:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/01 23:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/06/01 23:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/06/01 23:43:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/06/01 23:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/01 23:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/01 23:43:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/01 23:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/01 22:33:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 03:06:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Damfon
[2012/05/19 17:11:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\O
[2012/05/19 01:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lua-5.2.0
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 12:37:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/06/15 12:34:02 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/06/15 12:30:54 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:30:53 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 12:30:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 12:30:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 12:29:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/15 12:29:04 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012/06/15 12:28:19 | 100,441,624 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/15 12:27:53 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012/06/15 12:23:15 | 000,043,239 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/06/15 04:07:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 03:48:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 00:46:52 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/06/15 00:46:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/06/15 00:46:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/06/14 14:36:05 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 14:36:05 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 02:39:15 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/06/14 02:13:04 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/06/14 02:02:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/14 02:02:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/14 00:36:59 | 004,557,191 | ---- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/06/13 07:03:47 | 000,005,467 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/13 04:16:17 | 000,333,922 | ---- | M] () -- C:\Users\Administrator\Desktop\predvidjanje prodaje - studija izvodljivosti.pdf
[2012/06/13 00:15:12 | 000,168,448 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/12 13:15:39 | 000,034,764 | ---- | M] () -- C:\Users\Administrator\AppData\Local\dt.dat
[2012/06/11 17:19:19 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 22:51:02 | 000,119,399 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan Small 1.jpg
[2012/06/09 21:01:36 | 000,179,324 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan Small.jpg
[2012/06/09 16:01:10 | 002,108,959 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2012/06/08 03:27:12 | 006,105,942 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The Refugee.mp3
[2012/06/08 03:27:12 | 000,245,760 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Heaven Knows.mp3
[2012/06/07 23:32:07 | 003,007,260 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - 1000 Good Intentions.mp3
[2012/06/07 23:23:44 | 001,485,983 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Under The Knife.mp3
[2012/06/07 23:22:11 | 003,423,711 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - The Approaching Curve.mp3
[2012/06/07 23:22:09 | 001,392,935 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Sometimes Selling Out Is Giving Up.mp3
[2012/06/07 23:21:36 | 000,010,678 | -HS- | M] () -- C:\Users\Administrator\Desktop\Folder.jpg
[2012/06/07 23:21:36 | 000,010,678 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Large.jpg
[2012/06/07 23:21:24 | 000,002,754 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArtSmall.jpg
[2012/06/07 23:21:24 | 000,002,754 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Small.jpg
[2012/06/07 23:20:46 | 000,012,933 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Large.jpg
[2012/06/07 23:20:45 | 000,001,172 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Ready To Fall.mp3
[2012/06/07 23:20:42 | 000,003,192 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Small.jpg
[2012/06/07 23:20:39 | 000,011,025 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Large.jpg
[2012/06/07 23:20:38 | 003,325,753 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Voice Of Dissent.mp3
[2012/06/07 23:20:38 | 000,002,739 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Small.jpg
[2012/06/07 23:20:31 | 000,006,440 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Large.jpg
[2012/06/07 23:20:31 | 000,001,932 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Small.jpg
[2012/06/07 23:20:11 | 000,000,255 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Sight Unseen.mp3
[2012/06/07 22:37:09 | 000,014,499 | ---- | M] () -- C:\Users\Administrator\Desktop\Vista.zip
[2012/06/07 22:07:14 | 004,835,382 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.mp3
[2012/06/07 21:24:40 | 000,379,645 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Swing Life Away.mp3
[2012/06/07 21:24:11 | 000,014,873 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Large.jpg
[2012/06/07 21:24:10 | 000,003,163 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Small.jpg
[2012/06/07 21:23:12 | 000,132,181 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Like The Angel.mp3
[2012/06/07 21:21:53 | 000,001,172 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The R.mp3
[2012/06/07 21:21:48 | 000,021,819 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Roadside.mp3
[2012/06/07 21:18:06 | 003,801,895 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Help Is On The Way.mp3
[2012/06/07 21:14:18 | 004,689,767 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - WEP.mp3
[2012/06/07 21:06:32 | 000,007,017 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Large.jpg
[2012/06/07 21:06:28 | 000,001,954 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Small.jpg
[2012/06/07 21:03:45 | 000,049,313 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.htm
[2012/06/07 21:03:31 | 003,561,606 | ---- | M] () -- C:\Users\Administrator\Desktop\Conchadors - Rise Against Love.mp3
[2012/06/07 21:03:10 | 000,001,172 | ---- | M] () -- C:\Users\Administrator\Desktop\Rise Against - Re-Education.mp3
[2012/06/07 21:02:35 | 000,012,083 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Large.jpg
[2012/06/07 21:02:34 | 000,002,926 | -HS- | M] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Small.jpg
[2012/06/06 17:31:02 | 001,348,464 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap - Jebes Fabrike.mp3
[2012/06/06 14:28:10 | 002,496,132 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap - Nivo (Podnivo1).mp3
[2012/06/06 14:27:36 | 003,349,367 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap - Revansizam.mp3
[2012/06/06 04:16:23 | 000,338,059 | ---- | M] () -- C:\Users\Administrator\Desktop\FSS.exe
[2012/06/06 04:14:49 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2012/06/04 00:38:01 | 000,031,192 | ---- | M] () -- C:\Users\Administrator\Desktop\LOL sta znace ovi izrazi na nemackom ....htm
[2012/06/02 01:17:40 | 000,346,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/02 00:07:58 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/01 23:51:10 | 000,000,879 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2012/06/01 23:43:35 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 22:33:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HiJackThis.exe
[2012/06/01 19:44:42 | 000,442,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/01 18:46:00 | 004,679,672 | ---- | M] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:27 | 000,025,549 | ---- | M] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:49 | 000,273,692 | ---- | M] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:22 | 000,165,467 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | M] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | M] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:55 | 000,015,942 | ---- | M] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | M] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | M] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:12 | 000,180,569 | ---- | M] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | M] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2012/05/19 01:05:41 | 000,246,377 | ---- | M] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 12:28:47 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012/06/15 12:28:19 | 100,441,624 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/15 12:27:50 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2012/06/13 07:03:47 | 000,005,467 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/13 04:16:17 | 000,333,922 | ---- | C] () -- C:\Users\Administrator\Desktop\predvidjanje prodaje - studija izvodljivosti.pdf
[2012/06/12 13:15:39 | 000,034,764 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dt.dat
[2012/06/11 02:36:56 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/10 22:51:02 | 000,119,399 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan Small 1.jpg
[2012/06/09 21:01:36 | 000,179,324 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan Small.jpg
[2012/06/09 15:58:23 | 002,108,959 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2012/06/07 23:20:55 | 001,485,983 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Under The Knife.mp3
[2012/06/07 23:20:45 | 000,001,172 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Ready To Fall.mp3
[2012/06/07 23:20:41 | 000,011,025 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Large.jpg
[2012/06/07 23:20:41 | 000,002,739 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{08850096-8594-4D72-8D9C-955C4B62DFA6}_Small.jpg
[2012/06/07 23:20:31 | 000,006,440 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Large.jpg
[2012/06/07 23:20:31 | 000,001,932 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{65AEC0B6-1BEA-4550-BFF1-49AAFDA948DC}_Small.jpg
[2012/06/07 23:20:24 | 003,325,753 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Voice Of Dissent.mp3
[2012/06/07 23:20:11 | 000,000,255 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Sight Unseen.mp3
[2012/06/07 23:19:47 | 001,392,935 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Sometimes Selling Out Is Giving Up.mp3
[2012/06/07 23:19:33 | 003,423,711 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - The Approaching Curve.mp3
[2012/06/07 22:37:09 | 000,014,499 | ---- | C] () -- C:\Users\Administrator\Desktop\Vista.zip
[2012/06/07 22:33:18 | 003,007,260 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - 1000 Good Intentions.mp3
[2012/06/07 22:29:44 | 006,105,942 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The Refugee.mp3
[2012/06/07 22:23:40 | 000,245,760 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Heaven Knows.mp3
[2012/06/07 22:06:41 | 000,012,933 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Large.jpg
[2012/06/07 22:06:41 | 000,003,192 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{04570E1A-E4F3-4E7E-B5AD-4A1CA8B9F168}_Small.jpg
[2012/06/07 21:24:11 | 000,014,873 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Large.jpg
[2012/06/07 21:24:11 | 000,003,163 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{8285DE2F-5E74-4CF8-A306-F199BC17A75A}_Small.jpg
[2012/06/07 21:23:09 | 000,132,181 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Like The Angel.mp3
[2012/06/07 21:22:06 | 004,835,382 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.mp3
[2012/06/07 21:21:53 | 000,001,172 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Prayer Of The R.mp3
[2012/06/07 21:21:48 | 000,021,819 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Roadside.mp3
[2012/06/07 21:21:04 | 000,379,645 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Swing Life Away.mp3
[2012/06/07 21:06:33 | 000,007,017 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Large.jpg
[2012/06/07 21:06:33 | 000,001,954 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{7D8C15C1-B3E3-40AF-9D85-3DBA32069E60}_Small.jpg
[2012/06/07 21:03:44 | 000,049,313 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Injection.htm
[2012/06/07 21:03:09 | 000,001,172 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Re-Education.mp3
[2012/06/07 21:02:52 | 003,561,606 | ---- | C] () -- C:\Users\Administrator\Desktop\Conchadors - Rise Against Love.mp3
[2012/06/07 21:02:36 | 000,012,083 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Large.jpg
[2012/06/07 21:02:36 | 000,002,926 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B4156B7B-B357-4ACB-9795-6222BA7A9CA5}_Small.jpg
[2012/06/07 21:02:31 | 000,010,678 | -HS- | C] () -- C:\Users\Administrator\Desktop\Folder.jpg
[2012/06/07 21:02:31 | 000,010,678 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Large.jpg
[2012/06/07 21:02:31 | 000,002,754 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArtSmall.jpg
[2012/06/07 21:02:31 | 000,002,754 | -HS- | C] () -- C:\Users\Administrator\Desktop\AlbumArt_{B445FC15-286A-454A-9344-82DBB37FFD01}_Small.jpg
[2012/06/07 21:02:30 | 003,801,895 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - Help Is On The Way.mp3
[2012/06/07 21:02:05 | 004,689,767 | ---- | C] () -- C:\Users\Administrator\Desktop\Rise Against - WEP.mp3
[2012/06/06 14:27:33 | 003,349,367 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap - Revansizam.mp3
[2012/06/06 14:25:54 | 002,496,132 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap - Nivo (Podnivo1).mp3
[2012/06/06 14:22:13 | 001,348,464 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap - Jebes Fabrike.mp3
[2012/06/06 04:16:22 | 000,338,059 | ---- | C] () -- C:\Users\Administrator\Desktop\FSS.exe
[2012/06/06 04:14:47 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2012/06/04 00:37:58 | 000,031,192 | ---- | C] () -- C:\Users\Administrator\Desktop\LOL sta znace ovi izrazi na nemackom ....htm
[2012/06/02 05:08:57 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28}\U\[email protected]
[2012/06/02 05:08:57 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28}\U\[email protected]
[2012/06/02 00:07:58 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/01 23:51:10 | 000,000,879 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2012/06/01 23:43:35 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/01 18:46:00 | 004,679,672 | ---- | C] () -- C:\Users\Administrator\Desktop\THN-May2012.pdf
[2012/06/01 18:43:26 | 000,025,549 | ---- | C] () -- C:\Users\Administrator\Desktop\Respect.jpg
[2012/06/01 18:27:43 | 000,273,692 | ---- | C] () -- C:\Users\Administrator\Desktop\cc_20120601_182738 backup registry.reg
[2012/06/01 18:22:53 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/01 15:52:21 | 000,165,467 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan Remover doesnt work.jpg
[2012/06/01 15:46:07 | 000,219,048 | ---- | C] () -- C:\Users\Administrator\Desktop\Trojan 1.jpg
[2012/06/01 01:19:13 | 000,033,049 | ---- | C] () -- C:\Users\Administrator\Desktop\Lik sho hoce da kupi armour.htm
[2012/06/01 00:23:54 | 000,015,942 | ---- | C] () -- C:\Users\Administrator\Desktop\Rich kid with creds 1 or stoned one.htm
[2012/05/31 06:54:54 | 000,000,083 | ---- | C] () -- C:\Users\Administrator\Desktop\Fajront republika Nick Sloter 3 - YouTube.URL
[2012/05/31 06:54:45 | 000,202,927 | ---- | C] () -- C:\Users\Administrator\Desktop\Atheist Rap Bolja Lista.jpg
[2012/05/30 20:13:11 | 000,180,569 | ---- | C] () -- C:\Users\Administrator\Desktop\Lista atheist rap.jpg
[2012/05/29 04:04:51 | 000,000,084 | ---- | C] () -- C:\Users\Administrator\Desktop\Blind (2011) eng sub HD - YouTube.URL
[2012/05/19 01:05:41 | 000,246,377 | ---- | C] () -- C:\Users\Administrator\Desktop\lua-5.2.0.tar.gz
[2011/12/29 00:48:52 | 000,002,443 | ---- | C] () -- C:\Windows\MDVDP.Ini
[2011/11/02 00:26:35 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2011/05/14 21:35:05 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/13 21:19:16 | 000,000,477 | ---- | C] () -- C:\Windows\hegames.ini
[2011/04/06 03:03:58 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/04/06 03:03:58 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/04/06 03:03:58 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/04/06 03:03:58 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/06 03:03:58 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/04/06 01:08:57 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/04/06 01:08:57 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/04/06 01:08:56 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/01/10 22:00:33 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdocfg.exe
[2010/12/24 19:37:18 | 000,000,120 | ---- | C] () -- C:\Windows\System32\enbconvertor.ini
[2010/11/13 12:14:46 | 000,062,648 | ---- | C] () -- C:\Users\Administrator\AppData\Local\toolbar3.bmp
[2010/11/12 12:09:56 | 000,195,108 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral3.bmp
[2010/11/12 11:44:14 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral1.bmp
[2010/11/12 11:10:58 | 000,193,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\lateral2.bmp
[2010/10/21 22:36:20 | 000,203,264 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GetToolbar.exe
[2010/09/08 20:10:27 | 000,158,356 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/05 03:19:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/08/11 01:59:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2006/11/02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28}\@
[2006/11/02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{0e15582b-9a3d-5cb2-6072-738409e19f28}\@

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2320BH G2 ATA Device
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 220.00GB
Starting Offset: 83889630720
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/04/09 23:21:30 | 000,011,345 | ---- | M] () -- C:\deviceInfo.txt
[2012/03/05 10:34:32 | 000,007,208 | ---- | M] () -- C:\[bleep]ING STUPID RETARDED [bleep] BURNING [bleep] FROM DVD COMBO [bleep] YOU YOU WASTED 5 DVDS ALLREADY FOR 1 BURN.txt
[2012/03/03 14:22:24 | 000,000,791 | ---- | M] () -- C:\INSTALL.LOG
[2009/08/09 20:39:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/09 20:39:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/06/15 12:30:25 | 3534,290,944 | -HS- | M] () -- C:\pagefile.sys
[2012/06/09 16:19:08 | 000,121,708 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_09.06.2012_16.15.51_log.txt

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\system32\drivers\avgidshx.sys
[2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgtdix.sys
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %PROGRAMFILES%\*.* >
[2006/11/02 14:49:43 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 04:55:59 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 04:55:59 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 04:55:59 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2006/11/02 11:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/08 04:55:59 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/08 04:55:59 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/08 04:55:59 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2006/11/02 11:45:13 | 000,056,832 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2006/11/02 11:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012/03/12 12:41:36 | 000,000,000 | ---D | M](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK
[2012/03/12 12:31:06 | 000,000,000 | ---D | C](C:\Users\Administrator\Desktop\??? ? 7 - NOVAK) -- C:\Users\Administrator\Desktop\НПС № 7 - NOVAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >



Extras.Txt



OTL Extras logfile created on: 6/15/2012 12:40:37 - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.71% Memory free
6.19 Gb Paging File | 5.03 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 41.70 Gb Free Space | 53.37% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 2.85 Gb Free Space | 3.65% Space Free | Partition Type: NTFS

Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACD\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Key error.
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{0F667427-AD37-4089-A4A2-15AF5E44CACD}" = O2Micro Flash Memory Card Reader Driver (x86)
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{45184324-E8A6-4C38-B020-85D359EDF9FC}" = COWON J3 User's Guide
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E61888C-3D42-4691-AD25-E9AF648EAB63}" = Trivial Pursuit Unhinged
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{A5C04503-0DD1-4349-99D1-BDE5993D5FC3}" = Zombie Shooter 2 1M Edition
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CC0B06B4-65AE-43F3-8716-84F96684F614}" = Afinion Project Viewer
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F443F171-B49B-4645-915C-580E7ED79992}" = Macromedia Extension Manager
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FC717589-84C8-43BA-8905-96075A8C9671}" = Languages of the World V4 Disk 1
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 9.12 beta
"ACDSee" = ACDSee
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BitLord" = BitLord 1.1
"CCleaner" = CCleaner
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 6.1.1 Professional
"EAX Unified" = EAX Unified
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Family Tree Maker 2009" = Family Tree Maker 2009
"GOM Player" = GOM Player
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"M4V Player_is1" = M4V Player 1.0
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"mIRC" = mIRC
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"mts mobilni internet" = mts mobilni internet
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Portforward Static IP Address" = Portforward Static IP Address 1.0.44
"PowerISO" = PowerISO
"RealPlayer 15.0" = RealPlayer
"Smart PDF Creator Pro_is1" = Smart PDF Creator Pro 6.1.0.437
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SpywareBlaster_is1" = SpywareBlaster 4.6
"TeamViewer 6" = TeamViewer 6
"Totalcmd" = Total Commander (Remove or Repair)
"UltraISO_is1" = UltraISO Premium V9.32
"VLC media player" = VLC media player 1.1.9
"Weeny Free Audio Cutter_is1" = Weeny Free Audio Cutter 1.2
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2899288009-97569274-2756643056-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/26/2012 14:17:41 | Computer Name = eXPerience | Source = VSS | ID = 12289
Description =

Error - 5/26/2012 14:17:41 | Computer Name = eXPerience | Source = System Restore | ID = 8193
Description =

Error - 5/26/2012 14:17:41 | Computer Name = eXPerience | Source = System Restore | ID = 8210
Description =

Error - 5/26/2012 20:55:54 | Computer Name = eXPerience | Source = VSS | ID = 12289
Description =

Error - 5/26/2012 20:55:54 | Computer Name = eXPerience | Source = System Restore | ID = 8193
Description =

Error - 5/26/2012 20:55:54 | Computer Name = eXPerience | Source = System Restore | ID = 8210
Description =

Error - 5/27/2012 7:55:30 | Computer Name = eXPerience | Source = VSS | ID = 12289
Description =

Error - 5/27/2012 7:55:30 | Computer Name = eXPerience | Source = System Restore | ID = 8193
Description =

Error - 5/27/2012 7:55:30 | Computer Name = eXPerience | Source = System Restore | ID = 8210
Description =

Error - 6/1/2012 12:39:44 | Computer Name = eXPerience | Source = Perflib | ID = 1008
Description =

Error - 6/1/2012 12:39:44 | Computer Name = eXPerience | Source = Perflib | ID = 1010
Description =

Error - 6/1/2012 13:34:54 | Computer Name = eXPerience | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 6/15/2012 6:23:05 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7001
Description =

Error - 6/15/2012 6:23:05 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7001
Description =

Error - 6/15/2012 6:23:29 | Computer Name = eXPerience | Source = DCOM | ID = 10016
Description =

Error - 6/15/2012 6:24:49 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7023
Description =

Error - 6/15/2012 6:31:17 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7023
Description =

Error - 6/15/2012 6:31:17 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7001
Description =

Error - 6/15/2012 6:31:17 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7001
Description =

Error - 6/15/2012 6:31:17 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7001
Description =

Error - 6/15/2012 6:31:54 | Computer Name = eXPerience | Source = DCOM | ID = 10016
Description =

Error - 6/15/2012 6:33:11 | Computer Name = eXPerience | Source = Service Control Manager | ID = 7023
Description =


< End of report >
  • 0

#13
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28}
    C:\Users\Administrator\AppData\Local\{0e15582b-9a3d-5cb2-6072-738409e19f28}
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



# Step 2 #

  • Put the CD into the computer and open My Computer.
  • See the letter that Windows assigned to the DVD; in my case the letter is E:\ (usually it is D:\ or E:\)
    Posted Image
# Step 3 #
  • Run OTL
  • Copy the lines under the Code
    E:\wscsvc.* /s
    E:\MpSvc.* /s
    PS: Change the E:\ to the letter of the DVD.
  • Back to the program and paste the text in red in the text box "Custom Scan / Fixes"
  • Click in the button Posted Image
  • Click on Run Scan button
  • The examination takes a while, be patient.
  • Copy the entire contents of the log OTL.txt and post in your next reply

  • 0
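The two folders named in the Step 1 fix share one GUID, sit under `Windows\Installer` and `AppData\Local`, and in the file listing posted earlier in the thread hold a hidden+system `@` file and a `U` subfolder. The sketch below is an added example, not part of the original posts or of OTL: it parses OTL file-scan lines and flags GUID folders with that layout. The sample lines, the GUID in them, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# OTL file-scan line: [date time | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]\s*\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# A GUID-named folder directly under one of the two parents used in the fix script.
GUID_DIR = re.compile(
    r"^[A-Za-z]:\\(?P<parent>Windows\\Installer|Users\\[^\\]+\\AppData\\Local)"
    r"\\(?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\(?P<rest>.+)$",
    re.IGNORECASE,
)


class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str      # four flags, e.g. "-HS-" = hidden + system
    kind: str       # "C" = created listing, "M" = modified listing
    company: str
    path: str


class Finding(NamedTuple):
    guid: str
    folders: tuple   # GUID folders to review, sorted
    markers: tuple   # which of "@", "U", "L" were seen inside them
    mirrored: bool   # same GUID under both Installer and AppData\Local
    hs_anchor: bool  # the "@" file carries hidden + system attributes


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file-scan line; return None for headers and other text."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"].strip(), m["path"])


def find_suspect_guid_folders(lines) -> list:
    """Group entries by GUID folder and keep those with the @ / U / L layout."""
    seen = defaultdict(lambda: {"folders": set(), "parents": set(),
                                "markers": set(), "hs": False})
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        m = GUID_DIR.match(entry.path)
        if not m:
            continue
        rec = seen[m["guid"].lower()]
        rec["folders"].add(entry.path[: m.end("guid")])
        rec["parents"].add("installer" if m["parent"].lower().startswith("windows")
                           else "appdata")
        rest = m["rest"]
        first = rest.split("\\", 1)[0].upper()
        if rest == "@":
            rec["markers"].add("@")
            rec["hs"] = rec["hs"] or ("H" in entry.attrs and "S" in entry.attrs)
        elif first in ("U", "L"):
            rec["markers"].add(first)

    findings = []
    for guid, rec in sorted(seen.items()):
        # A GUID name alone is normal: Windows Installer caches MSI data in
        # such folders. Only report folders that also hold the markers.
        if not rec["markers"]:
            continue
        findings.append(Finding(guid, tuple(sorted(rec["folders"])),
                                tuple(sorted(rec["markers"])),
                                len(rec["parents"]) == 2, rec["hs"]))
    return findings


# Constructed sample in OTL's format (not copied from the log above).
SAMPLE = r"""
[2012/06/02 05:08:57 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\U\example.dat
[2006/11/02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\@
[2006/11/02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{11111111-2222-3333-4444-555555555555}\@
[2012/03/01 09:00:00 | 000,010,134 | ---- | C] () -- C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
[2012/06/08 04:56:02 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in find_suspect_guid_folders(SAMPLE):
        print(f.guid, "markers:", ",".join(f.markers), "mirrored:", f.mirrored)
        for folder in f.folders:
            print("  review:", folder)
```

The `mirrored` and `hs_anchor` fields are there to rank findings for review; a flagged folder still needs a human look before it goes into a fix script.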

#14
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Thing to mention:

Some icons appeared on the desktop - odd names and slightly shaded.


OTL_Scan.txt log


========== FILES ==========
C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28}\U folder moved successfully.
C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28}\L folder moved successfully.
C:\Windows\Installer\{0e15582b-9a3d-5cb2-6072-738409e19f28} folder moved successfully.
C:\Users\Administrator\AppData\Local\{0e15582b-9a3d-5cb2-6072-738409e19f28}\U folder moved successfully.
C:\Users\Administrator\AppData\Local\{0e15582b-9a3d-5cb2-6072-738409e19f28}\L folder moved successfully.
C:\Users\Administrator\AppData\Local\{0e15582b-9a3d-5cb2-6072-738409e19f28} folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06162012_003116

OTL_fix.txt log


OTL logfile created on: 6/16/2012 0:40:40 - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.68% Memory free
6.19 Gb Paging File | 4.86 Gb Available in Paging File | 78.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 41.08 Gb Free Space | 52.58% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 2.79 Gb Free Space | 3.56% Space Free | Partition Type: NTFS
Drive G: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< G:\wscsvc.* /s >

< G:\MpSvc.* /s >

< End of report >
  • 0

#15
[email protected]

[email protected]

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi there.

I got my internet blocked last night.

I got some virus that says i must pay 100 euros to the Police since i sent some criminal malware etc...

Good thing that i called the police and asked about that, and they informed me not to pay, because it's a scam... I already took the paysafe slip for 100 euros though... Idk what to do with it now...

I scanned my system with AVG and Malwarebytes and thx God i`m able to use internet now...

You want me to copy/paste the logs from AVG and Malwarebytes ?


I must say i`m losing patience here, because this lasts for 16 days now without improvement...
  • 0





